
How easy or difficult is it to access / hack / change the "Core Data" data stored in the iPhone?

Developer https://www.devze.com 2023-01-30 04:30 Source: Internet

My app is going to save a flag in the database (core data) saying whether the user is authenticated or not. How easy or difficult is it for someone to access the "core data" database and change the information there without going through the App?

I am going to save a flag there saying "this user is authenticated" so he never has to authenticate again. This is a fun app, not a bank app, so I wonder if that's ok.

Putting it in other words: Should I assume that a regular iPhone user (not jailbroken of course) will not be able to mess with the "core data" database and this database can only be accessed through its intended iPhone app?


This isn't the kind of thing you should use Core Data for anyway. You should instead use NSUserDefaults or the keychain (depending on if you're just storing that flag, or associated user/password information).

The user defaults are there for storing settings, the keychain for private data. Use the right screwdriver for the right screw.


The iOS app sandbox is quite tight on-device. As such other apps won't be able to access your database, nor will the user on-device.

Application data in the app's Documents directory is backed up through iTunes, however. Though I've never tried such a thing, I can imagine a scenario where the user installs and runs your app but is not authenticated. He syncs and the user data is written to his computer. He opens the backed-up resource on his PC (iTunes does encrypt or obfuscate it) and figures out how to change the sqlite database or plist to show himself as authenticated. He then uninstalls the app on his device, then reinstalls it through iTunes, authenticating himself.

If the scenario is possible, you could potentially store the database in the cache directory instead, a directory that's not backed up when the device is synced with iTunes. It means the database would vanish if the user had to restore his device, but that might be an acceptable loss in your scenario, I don't know.

Edit: I agree with jer that the database isn't the best place to store such info, and if you're targeting iOS 3.2 and above, keychain is definitely the better place.


I don't believe a user on a non-jailbroken phone would be able to mess with the data.
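
The keychain approach recommended in the answers above, as an added example that is not part of the original thread: it stores the flag as a generic-password item with a `ThisDeviceOnly` accessibility class, so the item is not carried to another device when a backup is restored, and it treats every read failure as "not authenticated". The service and account strings are hypothetical names chosen for this example.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; not from the original thread.
let service = "com.example.funapp.auth"
let account = "isAuthenticated"

// Attributes that uniquely identify the flag item in the keychain.
private func baseQuery() -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
}

/// Stores the flag, updating the item if it already exists.
func setAuthenticated(_ value: Bool) -> Bool {
    let data = Data([value ? 1 : 0])
    var attrs = baseQuery()
    attrs[kSecValueData as String] = data
    // ThisDeviceOnly: the item does not migrate to a different device
    // when a backup is restored there.
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    var status = SecItemAdd(attrs as CFDictionary, nil)
    if status == errSecDuplicateItem {
        let update: [String: Any] = [kSecValueData as String: data]
        status = SecItemUpdate(baseQuery() as CFDictionary, update as CFDictionary)
    }
    return status == errSecSuccess
}

/// Reads the flag. Fails closed: a missing item, a keychain error or an
/// unexpected value all count as "not authenticated".
func isAuthenticated() -> Bool {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let data = result as? Data else { return false }
    return data == Data([1])
}

/// Removes the flag, for example on sign-out.
func clearAuthenticated() {
    SecItemDelete(baseQuery() as CFDictionary)
}
```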
