So, NSUserDefaults is quite easy to use. But apparently, it is not too secure - there is no encryption. And of course the client wants the app prefs to be secure because it contains sensitive data.
But the Keychain is secure, though hard to code (apparently). So is there a way to easily convert NSUserDefaults code to Keychain code? In other words, I want to store app prefs within the Keychain. Or am I barking up the wrong tree?
Both of the below solutions are wrappers around KeyChain API. By using them in a NSUserDefaults category, you can have clean way to access and store passwords.
For Mac OS X
You can try the EMKeyChain library that wraps the keychain in a friendly manner. If you need to store passwords, it is as simple as NSUserDefaults.
For iPhone
There is a simple wrapper: Simple iPhone Keychain Code.
For iOS (and possibly OS X) you can use my GSKeychain library. Sample usage:
// Store a secret
[[GSKeychain systemKeychain] setSecret:#"t0ps3kr1t" forKey:#"myAccessToken"];
// Fetch a secret
NSString * secret = [[GSKeychain systemKeychain] secretForKey:#"myAccessToken"];
// Delete a secret
NSString * secret = [[GSKeychain systemKeychain] removeSecretForKey:#"myAccessToken"];
Hope this helps!
It's extremely simple to do that using the PDKeychainBindings library.
Here is an article i wrote about it recently.
Sample code
Instead of this
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
[[Model sharedModel] currentUser] setAuthToken:[defaults objectForKey:#"authToken"]];
Use this
PDKeychainBindings *bindings = [PDKeychainBindings sharedKeychainBindings];
[[[Model sharedModel] currentUser] setAuthToken:[bindings objectForKey:#"authToken"]];
Related
In my iphone app there is some confidential data like username, password and some urls to a webservice.
Which one is better NSUserdefaults or keychain.
Somebody says NSUserdefaults is insecure. Why it is insecure?
and can any one give the pros and cons of each one.
NSUserDefaults is quite easy to use and stores one value per key only. But apparently, it is not a very secure method, as there is no encryption.
But the Keychain is secure, though it is a bit hard to code.
You can refer these link to use keychain access.
http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code
you can also use this library deviced by Simon
https://github.com/goosoftware/GSKeychain
I hope it helps you!!
It may be useful to notice that Keychain data will be persisted even if you app is deleted, but NSUserDefaults data will go away with the app (NSUserDefaults is part of the app sandbox, Keychain is an app-independent service).
Anything stored in NSUserDefaults can be (relatively) easily opened and read, whether on the device or in a (non-encrypted) backup to iCloud or to a sync'd Mac.
Keychain, on the other hand, is meant for stuff like certificates and passwords. I've linked an article titled "How Not To Store Passwords in iOS" which gives a bit more useful detail, as well.
Keychain is way better solution, because it is more secure, but anyway, if you would save this kind of information into the NSUserDefaults, your users wouldn't feel any different. If someone would hack their device, they could get information from Keychain, the same as they would get information from UserDefaults. So this question of security is rhetoric. But anyway, the good programming style is to save this data into the Keychain!
I would recommend you to use Keychains.
Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.
NSUserDefaults is a little less secure when compared with Keychain.
In NSUserDefaults data can accessed easily if the specific key is known. This is not the case in Keychain.
You can also convert NSUserDefaults to Keychains. Take a look here.
I'm wondering how I can add some kind of setup to my App so when the user launches the App it asks a couple of questions and based on those questions it redirects to a specific view and the next time the app launches it will continue there again.
Is there any way to achieve this, because I'm unsure where I should start searching for.
I did something similar in my last project. There the user had the option to use the application connected with facebook or not. For storing the decision of the user I used a key/value pair in the NSUserDefaults. It's very easy to read/write and its persistently stored in the apps filesystem.
I first checked the NSUserDefaults if the key/value pair already exists.
If not, I did a redirection to a ViewController containing the two buttons (With FB/No FB)
Then depending on the selection of the user I setted the NSUserDefault key.
If yes, I did read the NSUserDefaults and get the value of the key.
Depending on the loaded value I redirected him to the FB ViewController or the the normal one.
Here a short example of reading the NSUserDefaults:
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
NSString *myString = [prefs stringForKey:#"keyToLookupString"];
Here a short example of writing the NSUserDefaults:
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
[prefs setObject:#"TextToSave" forKey:#"keyToLookupString"];
I guess the only difference to your application is that you have several values to store but for that you can still use the NSUserDefaults. You could also use the CoreData to store the information but I think in that case using the NSUserDefaults is the way to go.
In my iphone app there is some confidential data like username, password and some urls to a webservice.
Which one is better NSUserdefaults or keychain.
Somebody says NSUserdefaults is insecure. Why it is insecure?
and can any one give the pros and cons of each one.
NSUserDefaults is quite easy to use and stores one value per key only. But apparently, it is not a very secure method, as there is no encryption.
But the Keychain is secure, though it is a bit hard to code.
You can refer these link to use keychain access.
http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code
you can also use this library deviced by Simon
https://github.com/goosoftware/GSKeychain
I hope it helps you!!
It may be useful to notice that Keychain data will be persisted even if you app is deleted, but NSUserDefaults data will go away with the app (NSUserDefaults is part of the app sandbox, Keychain is an app-independent service).
Anything stored in NSUserDefaults can be (relatively) easily opened and read, whether on the device or in a (non-encrypted) backup to iCloud or to a sync'd Mac.
Keychain, on the other hand, is meant for stuff like certificates and passwords. I've linked an article titled "How Not To Store Passwords in iOS" which gives a bit more useful detail, as well.
Keychain is way better solution, because it is more secure, but anyway, if you would save this kind of information into the NSUserDefaults, your users wouldn't feel any different. If someone would hack their device, they could get information from Keychain, the same as they would get information from UserDefaults. So this question of security is rhetoric. But anyway, the good programming style is to save this data into the Keychain!
I would recommend you to use Keychains.
Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.
NSUserDefaults is a little less secure when compared with Keychain.
In NSUserDefaults data can accessed easily if the specific key is known. This is not the case in Keychain.
You can also convert NSUserDefaults to Keychains. Take a look here.
I am new in iphone programming. I am making an application in which I want to enter the name, location etc using iphone application and store it into database, so that I can retrieve any name any time or can store any user entry any time.
How can I implement this? Please give me some solution.
Thanks alot.
You should use CoreData, a sqlite3 wrapper.
iOS 4 CoreData tutorial
If you want to store only name and location use NSUserDefaults class instance as below.
NSUserDefaults *standardUserDefaults = [NSUserDefaults standardUserDefaults];
use google for NSUserDefaults examples.
As told by #Antwan van Houdt, You can go for CoreData or sqlite3.
I have a simple application, based of the "Utility Application" template. It retrieves a password-protected XML file (via NSXMLParser).
I want to allow the user to set a username and password in the "FlipsideView", how would I go about this?
I have the basics in place, the two UITextField boxes, the value of which gets set to a fixed value when the view loads (using the viewWillAppear method), and NSLog'd when the view is closed (the NSLog is just for testing, obviously, in the viewWillDisappear method)
How do I store the data? I've had a look at the Developer documentation, and it seems like I should be using NSUserDefaults..?
I agree with Ben. This is exactly what the Keychain is for.
I would not, under any circumstances simply store passwords in the defaults as dbr suggests. This is highly insecure. You're essentially storing your passwords in the open.
In addition to Apple's sample code, I also recommend Buzz Anderson's Keychain code:
iPhone Keychain Code
This is exactly what Apple developed the Keychain for. Using Keychain, you can store your password in encrypted form. Take a look at Apple's GenericKeychain sample.
Aha, NSUserDefaults seems to work, and is simple to use, but isn't secure in the slightest:
password is the IBOutlet for the UITextField.
- (void)viewWillAppear:(BOOL)animated
{
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
NSString *pword = [prefs objectForKey:#"password"];
password.text = uname;
}
- (void)viewWillDisappear:(BOOL)animated{
NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults];
[prefs setObject:password.text forKey:#"password"];
}
The password is stored in plain-text in a plist, so it would be quite easy for someone else to access.. but this is useful for storing non-sensitive settings.
I ended up using this to store the username field, and stored the password using the SFHFKeychainUtils keychain code from August's answer.