Some reflections on the previous project I

Source: Internet
Author: User

Recently, I have been rethinking the project and found a lot of problems, such as data security ...

The project requirement is to show only the latest data, so it has almost no use for local storage, apart from the address book and the user token.

The user address book is kept in a separate table. Today I am reflecting on how the user's token is stored: I saved it locally, directly in <Preferences>. Once it is illegally obtained and used with the API interfaces, the consequences are unimaginable ...

Just like this.

    /** As the name suggests, NSUserDefaults is better kept for storing user settings ~ */
    NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
    // Save
    [userDefaults setObject:@"Userstoken" forKey:@"token"];
    [userDefaults synchronize]; // returns a BOOL value
    // Read
    NSString *token = [userDefaults stringForKey:@"token"];

Later I discussed with the backend whether it should be used with MD5, and the backend said there was no need ~ (Fuck TJ)

But on second thought, that is right. If someone can read your token, encrypted storage is no use: at worst they simply copy the encrypted value as it is ... Thinking about it further, you might as well add a salt.

    #import <CommonCrypto/CommonDigest.h>

    // Called when the token needs to be validated by the server
    + (NSString *)md5EncryptWith:(NSString *)code {
        NSString *saltCode = [NSString stringWithFormat:@"%@%@", code, [self daySalt]];
        const char *cStr = [saltCode UTF8String];
        unsigned char result[CC_MD5_DIGEST_LENGTH];
        CC_MD5(cStr, (CC_LONG)strlen(cStr), result);
        NSMutableString *hash = [NSMutableString string];
        for (int i = 0; i < CC_MD5_DIGEST_LENGTH; i++) {
            [hash appendFormat:@"%02x", result[i]];
        }
        return [hash lowercaseString];
    }

    + (NSString *)daySalt {
        NSDate *sendDate = [NSDate date];
        NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
        // Accurate to the hour: if the token is captured on the LAN, it is guaranteed
        // to expire an hour later. It could of course be accurate to minutes or
        // seconds instead. (Requires cooperation from the server.)
        [dateFormatter setDateFormat:@"yyyyMMddHH"];
        return [dateFormatter stringFromDate:sendDate];
    }

I regretted it once I had finished this. I just needed a different storage method to solve it, for example Keychain:

    //
    //  KeyChainIO.h
    //
    //  Created by M on 16/1/13.
    //  Copyright © 2016 Meng. All rights reserved.
    //
    #import <Foundation/Foundation.h>

    @interface KeyChainIO : NSObject
    + (void)saveToken:(NSString *)token;
    + (id)readToken;
    + (void)deleteToken;
    @end

    //
    //  KeyChainIO.m
    //
    //  Created by M on 16/1/13.
    //  Copyright © 2016 Meng. All rights reserved.
    //
    #import "KeyChainIO.h"
    #import <Security/Security.h>

    @implementation KeyChainIO

    static NSString * const KEY_IN_KEYCHAIN = @"Com.m1989.info";
    static NSString * const KEY_TOKEN = @"Com.m1989.token";

    + (void)saveToken:(NSString *)token {
        NSMutableDictionary *usernamepasswordKVPairs = [NSMutableDictionary dictionary];
        [usernamepasswordKVPairs setObject:token forKey:KEY_TOKEN];
        [self save:KEY_IN_KEYCHAIN data:usernamepasswordKVPairs];
    }

    + (id)readToken {
        NSMutableDictionary *usernamepasswordKVPair = (NSMutableDictionary *)[self load:KEY_IN_KEYCHAIN];
        return [usernamepasswordKVPair objectForKey:KEY_TOKEN];
    }

    + (void)deleteToken {
        [self delete:KEY_IN_KEYCHAIN];
    }

    #pragma mark ==========================

    + (NSMutableDictionary *)getKeychainQuery:(NSString *)service {
        // __bridge casts only: no ownership is transferred for the constants
        return [NSMutableDictionary dictionaryWithObjectsAndKeys:
                (__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
                service, (__bridge id)kSecAttrService,
                service, (__bridge id)kSecAttrAccount,
                (__bridge id)kSecAttrAccessibleAfterFirstUnlock, (__bridge id)kSecAttrAccessible,
                nil];
    }

    + (void)save:(NSString *)service data:(id)data {
        // Get the search dictionary
        NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
        // Delete the old item before adding the new item
        SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
        // Add the new object to the search dictionary (attention: the data format)
        [keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:data]
                          forKey:(__bridge id)kSecValueData];
        // Add the item to the keychain with the search dictionary
        SecItemAdd((__bridge CFDictionaryRef)keychainQuery, NULL);
    }

    + (id)load:(NSString *)service {
        id ret = nil;
        NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
        // Configure the search settings
        [keychainQuery setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];
        [keychainQuery setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
        CFDataRef keyData = NULL;
        if (SecItemCopyMatching((__bridge CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {
            @try {
                // __bridge_transfer hands the returned data to ARC so it is released
                ret = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge_transfer NSData *)keyData];
            } @catch (NSException *e) {
                NSLog(@"Unarchive of %@ failed: %@", service, e);
            } @finally {
            }
        }
        return ret;
    }

    + (void)delete:(NSString *)service {
        NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
        SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
    }

    @end

    + (void)saveToken:(NSString *)token;
    + (id)readToken;
    + (void)deleteToken;

These three methods meet the needs.

Switching to Keychain only means that local storage is safe for the time being. If you connect to unsecured WiFi, you will still be compromised. So combine it with salted MD5 to make it safer, or go straight to HTTPS, but is that over-engineering?
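The hour-salted MD5 above only works if the server recomputes the same digest, so here is a sketch of that server-side check, added as an example and not part of the original post. The function names, the UTC time zone and the `skew_hours` window are assumptions; the sample token and timestamps are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def hour_salt(when: datetime) -> str:
    """Salt in the client's yyyyMMddHH layout. UTC is an assumption: both
    sides must format the hour in the same time zone or nothing matches."""
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H")

def client_digest(token: str, when: datetime) -> str:
    """What the app sends: lowercase hex MD5(token + hour salt)."""
    return hashlib.md5((token + hour_salt(when)).encode("utf-8")).hexdigest()

def server_accepts(stored_token: str, presented: str, now: datetime,
                   skew_hours: int = 1) -> bool:
    """Recompute the digest for the current hour and `skew_hours` earlier ones.

    Without the earlier hour, a request hashed at 10:59:59 and checked at
    11:00:00 is rejected; with it, a captured digest stays replayable until
    the server clock leaves the following hour."""
    candidate = presented.strip().lower().encode("utf-8")
    accepted = False
    for back in range(skew_hours + 1):
        expected = client_digest(stored_token, now - timedelta(hours=back))
        # Constant-time comparison; every candidate hour is always checked.
        accepted |= hmac.compare_digest(expected.encode("utf-8"), candidate)
    return accepted

def demo() -> dict:
    """Walk one constructed digest across the hour boundary."""
    token = "constructed-sample-token"  # constructed value, not a real token
    sent = datetime(2016, 1, 13, 10, 59, 59, tzinfo=timezone.utc)
    digest = client_digest(token, sent)
    at_11 = sent + timedelta(seconds=1)
    at_12 = at_11 + timedelta(hours=1)
    return {
        "same_hour": server_accepts(token, digest, sent),
        "next_hour_strict": server_accepts(token, digest, at_11, skew_hours=0),
        "next_hour_window": server_accepts(token, digest, at_11),
        "two_hours_later": server_accepts(token, digest, at_12),
    }

if __name__ == "__main__":
    print(demo())
```
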
