Re: Understanding user defaults
Re: Understanding user defaults
- Subject: Re: Understanding user defaults
- From: Jens Alfke <email@hidden>
- Date: Mon, 18 Mar 2013 17:31:29 -0700
On Mar 18, 2013, at 5:15 PM, Rick Mann <email@hidden> wrote:
>> 2. NSCoding is not trustworthy. Your app must blindly trust any object
>> archive it loads. This is a significant security risk.
>
> I don't think that argument is any more true for what I'm proposing than what what exists today.
Property lists are safe to read because they only contain a very limited set of data types, and only a very small set of methods run as a result of decoding one. That’s not true of archives. There have been serious security holes in the unarchiver in the past, and the security footprint includes all archivable classes, which includes things like NSView. I have no doubt someone could easily come up with a malicious archive that would crash an app or worse.
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden