• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Looking for guidance re: password/credential storage and Core Data
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Looking for guidance re: password/credential storage and Core Data


  • Subject: Re: Looking for guidance re: password/credential storage and Core Data
  • From: Wim Lewis <email@hidden>
  • Date: Tue, 3 Nov 2009 12:14:36 -0800


On Nov 3, 2009, at 4:51 AM, David HM Spector wrote:
Is there a pattern commonly followed regarding storage of passwords or other credential type data in core data..? Given the existence and security profile of the KeyChain, it would clearly be best to keep passwords there, but can I map this into a core data model so that I keep a reference of some kind to a password (or other credential, such as an SSH key) thats really stored in the keychain in the core data model rather than the actual value..?


IMHO the nicest way to do this is to have a keychain item whose attributes indicate what account it's for (server name, etc.) and then to do a keychain search based on those attributes when you need the item. This has a handful of advantages: the Keychain Access app acts as a password manager GUI for you; the connection between a document and a keychain item isn't as mysterious and magical; etc.

It's possible to get a persistent reference to a keychain item (a CFData blob) using SecKeychainItemCreatePersistentReference() or SecItemCopyMatching(kSecReturnPersistentRef=YES, ...). So you could store that in Core Data and convert it back to a keychain item ref when you need it. (I haven't actually used these APIs so I don't know how functional they are. FYI, the unique item identifier you can get from SecKeychainItemGetUniqueRecordID() isn't persistent or transportable.)


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: Looking for guidance re: password/credential storage and Core Data
      • From: Kyle Sluder <email@hidden>
References: 
 >Looking for guidance re: password/credential storage and Core Data (From: David HM Spector <email@hidden>)

  • Prev by Date: Re: NSCollectionView and drag tolerance
  • Next by Date: Re: NSDate / NSXMLParser
  • Previous by thread: Looking for guidance re: password/credential storage and Core Data
  • Next by thread: Re: Looking for guidance re: password/credential storage and Core Data
  • Index(es):
    • Date
    • Thread