• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Understanding user defaults
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Understanding user defaults

  • Subject: Re: Understanding user defaults
  • From: Kyle Sluder <email@hidden>
  • Date: Mon, 18 Mar 2013 17:32:12 -0700
On Mon, Mar 18, 2013, at 05:15 PM, Rick Mann wrote:
>
> On Mar 18, 2013, at 16:30 , Kyle Sluder <email@hidden> wrote:
>
> > 2. NSCoding is not trustworthy. Your app must blindly trust any object
> > archive it loads. This is a significant security risk.
>
> I don't think that argument is any more true for what I'm proposing than
> what what exists today.

You're correct that it's not *more* true, because it's *always* true.

You must not use NSCoding for any data which you do not trust as much as
the code itself.

Reading object archives from NSUserDefaults is a security hazard, as is
reading them from ~/Library/Application Support.

--Kyle Sluder
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Understanding user defaults (From: Rick Mann <email@hidden>)
 >Re: Understanding user defaults (From: Kyle Sluder <email@hidden>)
 >Re: Understanding user defaults (From: Rick Mann <email@hidden>)

  • Prev by Date: Re: Understanding user defaults
  • Next by Date: Re: How can modal window pass messages to its parent window?
  • Previous by thread: Re: Understanding user defaults
  • Next by thread: More prefs/iCloud KVS questions
  • Index(es):
    • Date
    • Thread