Re: Robustness of CoreData against malicious documents?
Re: Robustness of CoreData against malicious documents?
- Subject: Re: Robustness of CoreData against malicious documents?
- From: Scott Ellsworth <email@hidden>
- Date: Tue, 4 Apr 2006 12:25:17 -0700
On Apr 4, 2006, at 12:18 PM, Cem Karan wrote:
On Apr 4, 2006, at 2:52 PM, Jim Correia wrote:
On Apr 4, 2006, at 12:10 PM, Cem Karan wrote:
On Apr 4, 2006, at 11:57 AM, William Bumgarner wrote:
Validating an XML schema is an expensive operation. You can
find the CoreData DTD in /System/Library/DTDs (along with DTDs
for other XML based data formats on the system).
In general, Core Data will toss an exception or return an
NSError (return NO/nil and fill in an NSError**, really) in the
face of malformed data.
I know that its an expensive operation, but I need to be able to
do it; we're just too tempting a target.
Does setting the option that tells Core Data to validate an XML
store when opening not work for you?
How do I set this? And can it handle maliciously malformed data?
(e.g., data that someone hand-crafted and passed to my app in the
hopes of getting it to break and execute code rather than just
parse data)
Could you stuff a checksum in the metadata, perhaps built with an
appropriate public/private key pair? Assuming that the black hats
have not compromised the framework or the sqlite executables, you
could at least be sure that the file you are reading was written by
your app.
If you want the app to write the files, as well as read them, then
you also need to worry about them attacking the app itself to disable
any such checks.
Scott
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden