当有人拥有越狱设备时,objective-c 中的序列化对象的安全性如何?
我有一个游戏需要保存其状态。我担心有恶意的人可能会保存游戏,然后编辑保存的文件进行作弊。
我正在考虑使用串行对象来存储状态数据。串行对象有多安全?有人可以轻松编辑吗?
我一直在使用钥匙串来存储敏感数据并且效果很好(尽管我不能 100% 确定优秀的黑客无法破解钥匙串),更好的主意是将对象值存储在钥匙串中并且然后使用它们而不是使用序列化对象重新创建它?
谢谢
I have a game that I need to save the state of. I am wary that someone with bad intentions could save the game and then edit the saved files to cheat.
I am thinking of using a serial object to store the state data. How safe are serial objects? Would someone be able to edit one easily?
I've been using the keychain to store sensitive data and that works well (although I'm not 100% sure that a good hacker couldn't hack the keychain), would a better idea be to store the objects values in the keychain and then recreate it using them instead of using a serialized object?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
客户端上发生的任何事情都是不安全的。他可以反汇编和修补你的代码,修改你的保存游戏,编写机器人,伪造发送到服务器的数据包,......
假设他可以对客户端的源代码做任何事情。
唯一安全的事情是发生在服务器上的事情。
Nothing that happens on a client is secure. He can disassemble and patch your code, modify your savegames, write a bot, fake the packets sent to the server,...
Just assume he can do whatever one can do with the sourcecode of the client.
The only secure things are those happening on the server.
拥有越狱设备的用户比您对设备有更多的控制权。没有安全的地方可以隐藏秘密或防止数据被修改。
A user with a jailbroken device has more control over the device than you do. There is no safe place to hide secrets or keep the data from being modified.
您始终可以通过首先序列化对象,创建文件的校验和,然后在重新加载保存状态后进行检查来使破解变得更加困难。
You could always make it more difficult to crack by first serializing the object, create a checksum of the file and then check against that after reloading the save state.