Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Right now I have a username being stored in NSUserDefaults and the password in a keychain. While I know everything is stored in plain text in NSUserDefaults, could an end-user also change this stored value? The username is used throughout the application to retrieve data from a server. My fear is that if an end-user can change this value, they would be able to become other users.
So is NSUserDefaults readable and writable or just readable by the end-user?
That depends. Your average end-user will not be able to, but an average user with a Jailbroken iDevice could.
Your
NSUserDefaulsis a plist stored in~/Applications/{APPLICATION_UUID}/Library/Preferences/com.mydomain.myapp.plistin a plain XML format, making it very easy for an end user to edit, and if they are a serious jailbreaker in the first place, they probably have a plist editor on their iPhone to start with (iFile, iFinder, etc.)Sensitive data should be stored in an encrypted binary format via
fread()/fwrite()in my opinion.