Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Write Secure Cocoa Code

Tags:

string

security

cocoa

encryption

disassembly

Im making an application in cocoa and wanted to see if some strings in it were easily accessible so I ran OTX on it and sadly all of my code was found. Is there a method I can use to make my code more "secure" or at least encrypt/hide the strings? The reason I want to encrypt the string is it's a password for a server. I don'd need it really secure I just don't want the password to be so easy to find.

Thanks for any help

like image 203
nosedive25 Avatar asked Mar 14 '10 12:03

nosedive25

1 Answers

You should never put a password into an executable.

This is like putting the password on a sticky note next to the monitor. If a malicious hacker has your application they can eventually extract the password regardless of what language or API you use to write it.

For example, if I know that your application connects to a password protected server but the application never ask for a password, then I know you've made the mistake of including the password. To find the password, I need only monitor the operation of the program to see what areas of code are active around the time it connects to the server. This will tell me where to focus the search for the password regardless of how big your application is. Then it is only a matter of time until I track the password down. Encrypting the password does no good because the encryption algorithm must also be in the app and I can unravel that as well.

Remember that there are many people out there who can unravel your code using only the raw machine code. For those people it doesn't matter what language or API you use because they all distill to machine code in the end. Those people are the scary skilled gods of programming and they laugh at mere mortals such as you or I. Unfortunately, some of them are evil.

Did I mention that you should never put a password into an executable? If I didn't, let me repeat that you should never put a password into an executable.

In your particular case, as novice programmer, you have no hope of hiding of the password from someone with even a little bit more experience than yourself. This is yet another good reason why you should never put a password into an executable.

like image 173
TechZen Avatar answered Nov 15 '22 10:11

TechZen
Sign in to Comment

Related questions

UIView has portrait dimensions while in landscape?
Cocoa: NSView origin x at the bottom
Access Facebook Accounts on OS X Mountain Lion
Handling orientation / rotation with storyboards on iOS 6
Drag and drop from finder to WebView
How to detect if NSURLConnection's sendSynchronousRequest:returningResponse:error: ended up being timed out or other error
Change the launch image of an app on every launch
What is Assets.car file in .app?
jQuery returns wrong document height
Is this possible to get the User's highlight colour on OS X using Cocoa?
How to draw segmented control with blue tint like Xcode?
"with" in parameter names in Swift initialisers
Hide NSWindow titlebar background like Messages.app
How to set doubleAction property of NSTableViewCell in Swift?
Lower volume of AVAudioPlayer sound
Does using lists of structs make sense in cocoa?
Hyperlink in Cocoa
Convert NSString to NSDictionary
Is there a shortcut to get to the /Resources/ folder in iPhone development?
How to store sensitive data (e.g. passwords, API keys) in Cocoa app?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!