1. Log output can be intercepted by a third party, which exposes information, and logging also hurts app performance.
Add the following code to the project's PCH (prefix header) file:
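// Logging macro for the prefix header: LMLOG forwards to NSLog only in Debug
// builds and expands to nothing in Release builds, so log text does not reach
// the device log of a published app.
// Arguments are not evaluated in Release, so do not put side effects inside
// a LMLOG(...) call.
#ifdef DEBUG
// Debug state
#define LMLOG(...) NSLog(__VA_ARGS__)
#else
// Publish (release) state
#define LMLOG(...)
#endif

// Closes the PCH include guard that is opened earlier in the file (not shown here).
#endif /* PERSONLIFE_PCH */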
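// Alternative form of the same idea: NSLOG and DEBUGMETHOD log only when DEBUG
// is defined and compile to nothing otherwise.
#ifdef DEBUG
#define NSLOG(...) NSLog(__VA_ARGS__)
// Logs the name of the enclosing function or method.
#define DEBUGMETHOD() NSLog(@"%s", __func__)
#else
#define NSLOG(...)
#define DEBUGMETHOD()
#endif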
Then, in the project, open Product → Scheme → Edit Scheme and set the build configuration to Release for the build you publish.
During development, set it to Debug so that logging is available for debugging.
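2. Login requests should use POST, with the user information in the request body, which is more secure than putting it in the URL.
If login happens on an H5 page and the front end has to append the parameters to a GET request, have the H5 side MD5 the parameters before appending them. Note that MD5 is a hash rather than encryption, and URLs are commonly kept in server logs and browser history, so this does not replace sending the login over HTTPS.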
3. Obfuscate the code
Obfuscation improves code security by making the code hard to read. The author recommends Zmconfuse, which can be found on GitHub.
How to use: in the terminal, cd into the Zmconfuse directory, copy the project to be obfuscated into that directory, and modify the .sh file as required.
Opening the project again will report some errors; correcting the PCH path fixes them. Then drag the script into the terminal and press Enter to run it.
Open the project once more: classes, properties, methods and functions are now obfuscated and the code is no longer readable.
(Pay attention to the naming rules for files and classes: if the names do not match, the corresponding name is not found, compilation errors are reported, and the obfuscation fails.)
Obfuscation only slows down analysis; it does not protect secrets stored in the binary. Read a third-party script before running it against your source tree.
4. Require verification when the account is used on a new device
Checking repeated logins from different devices: on the first login the account is bound to the device UUID. When the same account logs in from a second phone, the server first compares the UUIDs. If they differ, it logs out the current user and shows an alert asking for verification with a mobile-phone verification code; after successful verification the new UUID is bound. The server back end stores the one-to-many mapping between the account and its devices, and this is how the repeated-login check across devices is implemented.
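5. HTTPS two-way (mutual) authentication requires the back end to provide the relevant certificates for verification.
Below is the verification using the system API. The delegate methods shown validate the server's certificate against certificates bundled with the app; presenting a client certificate is not shown.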
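/**
 * NSURLConnection delegate callback for an authentication challenge.
 *
 * For a server-trust challenge, the two certificates bundled with the app are
 * set as the only trust anchors, the server trust is evaluated, and the
 * connection is accepted only when the result is kSecTrustResultUnspecified or
 * kSecTrustResultProceed. Any failure on the way, and any other kind of
 * challenge, ends in cancelAuthenticationChallenge:.
 *
 * @param connection The connection that received the challenge (unused).
 * @param challenge  The challenge to answer.
 */
- (void)connection:(NSURLConnection *)connection
    didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    // Anti-pattern kept out of the code path on purpose: answering the challenge
    // straight away with [NSURLCredential credentialForTrust:serverTrust], without
    // evaluating the trust, ignores certificate validation and trusts any server.
    // In the garbled listing that shortcut appeared as live code ahead of the
    // checks below, which would have made them unreachable.

    if ([[[challenge protectionSpace] authenticationMethod]
            isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        do {
            SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
            NSCAssert(serverTrust != NULL, @"Servertrust is nil");
            if (NULL == serverTrust)
                break; /* Failed */

            // Load both bundled certificates. SecCertificateCreateWithData expects
            // DER-encoded data and returns NULL for anything else.
            NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"certificate name"
                                                                ofType:@"CER"]; // self-signed certificate
            NSData *caCert = [NSData dataWithContentsOfFile:cerPath];
            NSString *cerPath2 = [[NSBundle mainBundle] pathForResource:@"certificate name"
                                                                 ofType:@"CER"]; // SSL certificate
            NSData *caCert2 = [NSData dataWithContentsOfFile:cerPath2];

            NSCAssert(caCert != nil, @"CaCert is nil");
            if (nil == caCert)
                break; /* Failed */

            NSCAssert(caCert2 != nil, @"CaCert2 is nil");
            if (nil == caCert2)
                break; /* Failed */

            // CFBridgingRelease hands the +1 reference from the Create call to ARC,
            // so the certificates are released on every exit path, including the
            // early breaks. A plain __bridge cast would leak them.
            id caRef = CFBridgingRelease(
                SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert));
            NSCAssert(caRef != nil, @"Caref is nil");
            if (nil == caRef)
                break; /* Failed */

            id caRef2 = CFBridgingRelease(
                SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert2));
            NSCAssert(caRef2 != nil, @"CaRef2 is nil");
            if (nil == caRef2)
                break; /* Failed */

            // Both elements are known to be non-nil here, so the literal cannot throw
            // and cannot produce nil; no further check on the array is needed.
            NSArray *caArray = @[ caRef, caRef2 ];

            // After this call only the supplied anchors are trusted for this
            // evaluation; the system root store is no longer consulted.
            OSStatus status =
                SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray);
            NSCAssert(errSecSuccess == status, @"Sectrustsetanchorcertificates failed");
            if (errSecSuccess != status)
                break; /* Failed */

            // NOTE(review): SecTrustEvaluate is deprecated on current SDKs;
            // SecTrustEvaluateWithError is its replacement where the deployment
            // target allows it.
            SecTrustResultType result = kSecTrustResultInvalid;
            status = SecTrustEvaluate(serverTrust, &result);
            if (errSecSuccess != status)
                break; /* Failed */

            NSLog(@"stutas:%d", (int)status);
            NSLog(@"Result:%d", (int)result);

            BOOL allowConnect = (result == kSecTrustResultUnspecified) ||
                                (result == kSecTrustResultProceed);
            if (allowConnect) {
                NSLog(@"Success");
            } else {
                NSLog(@"error");
            }
            if (!allowConnect) {
                break; /* Failed */
            }

#if 0
            /* Treat kSecTrustResultConfirm and kSecTrustResultRecoverableTrustFailure as success */
            /* since the user would likely tap-through to see the dancing bunnies. */
            /* Leave this disabled: it would accept recoverable trust failures. */
            if (result == kSecTrustResultDeny || result == kSecTrustResultFatalTrustFailure ||
                result == kSecTrustResultOtherError)
                break; /* Failed to trust cert (good in this case) */
#endif

            // The only good exit point.
            NSLog(@"Trust this Certificate");
            [[challenge sender] useCredential:[NSURLCredential credentialForTrust:serverTrust]
                   forAuthenticationChallenge:challenge];
            return;
        } while (0);
    }

    // Validation failed, or the challenge is not a server-trust challenge: reject it.
    [[challenge sender] cancelAuthenticationChallenge:challenge];
}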
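/**
 * Tells the connection which protection spaces this delegate will answer.
 *
 * @param connection      The connection asking (unused).
 * @param protectionSpace The protection space of the pending challenge.
 * @return YES only when the authentication method is
 *         NSURLAuthenticationMethodServerTrust.
 */
- (BOOL)connection:(NSURLConnection *)connection
    canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    return [protectionSpace.authenticationMethod
        isEqualToString:NSURLAuthenticationMethodServerTrust];
}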
These are the problems detected in the app so far. They have been resolved, and I hope this helps you.
IOS apps about bridging security optimization issues