Re: Understanding user defaults
Re: Understanding user defaults
- Subject: Re: Understanding user defaults
- From: Kyle Sluder <email@hidden>
- Date: Mon, 18 Mar 2013 16:30:30 -0700
On Mon, Mar 18, 2013, at 04:07 PM, Rick Mann wrote:
> I'm a little bit surprised that I can't add my NSCoding-conforming object
> directly to NSUserDefaults. Why is this? Is it just a long-standing
> oversight of NSUserDefaults, or is there a technical reason why it
> doesn't work?
A couple possible reasons come to mind:
1. You shouldn't store massive amounts of data in user defaults.
Allowing people to store arbitrary NSCoding-compliant objects would
encourage such usage.
2. NSCoding is not trustworthy. Your app must blindly trust any object
archive it loads. This is a significant security risk.
Let's say your app bundle is installed via the Mac App Store. It's owned
by root, it's codesigned, and it's sandboxed.
An unprivileged user can exploit a vulnerability in your app by crafting
a specific object archive and storing it in their preferences, despite
your app being unmodifiable by the user.
The mantra is that you must treat any user data as hostile until proven
otherwise. Allowing user data to control such a fundamental operation as
allocating objects is like playing Russian roulette.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden