Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added URLCredential documentation #63

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -452,7 +452,7 @@ Even in an age where we trust our portable devices with the most private data, a

### Data Storage

If your app needs to store sensitive data, such as a username and password, an authentication token or some personal user details, you need to keep these in a location where they cannot be accessed from outside the app. Never use `NSUserDefaults`, other plist files on disk or Core Data for this, as they are not encrypted! In most such cases, the iOS Keychain is your friend. If you're uncomfortable working with the C APIs directly, you can use a wrapper library such as [SSKeychain][sskeychain] or [UICKeyChainStore][uickeychainstore].
If your app needs to store sensitive data, such as a username and password, an authentication token or some personal user details, you need to keep these in a location where they cannot be accessed from outside the app. Never use `NSUserDefaults`, other plist files on disk or Core Data for this, as they are not encrypted! In most such cases, the iOS Keychain is your friend. It is best to store your credentials in the iOS Keychain with [NSURLCredential](https://developer.apple.com/documentation/foundation/nsurlcredential) and [NSURLCredentialStorage](https://developer.apple.com/documentation/foundation/nsurlcredentialstorage). You create and store your access token in a `NSURLCredential`, and store that credential in a `NSURLCredentialStorage` instance. You will also need to specify a [NSURLProtectionSpace](https://developer.apple.com/documentation/foundation/urlprotectionspace), which represents a server or an area on a server, commonly referred to as a realm, that requires authentication. You can persist the credentials in the user's keychain, or for a single request. There are also wrapper libraries such as [SSKeychain][sskeychain] or [UICKeyChainStore][uickeychainstore], that let you interact with the keychain directly, but this is not recommended.

When storing files and passwords, be sure to set the correct protection level, and choose it conservatively. If you need access while the device is locked (e.g. for background tasks), use the "accessible after first unlock" variety. In other cases, you should probably require that the device is unlocked to access the data. Only keep sensitive data around while you need it.

Expand Down