NSSecureCoding

NSSecureCoding is a protocol introduced in the iOS 6 / OS X Mountain Lion SDKs. Aside from a few mentions at WWDC, NSSecureCoding remains relatively obscure, most developers have perhaps heard of it, but perhaps never went so far as to look up what it does.

→ nshipster.com/nssecurecoding/

NSSecureCoding is a protocol from iOS 6 / OS X Mountain Lion. It adds the class method supportsSecureCoding. Classes that conform and return YES promise safe encoding/decoding to stop substitution attacks.

In initWithCoder, use decodeObjectOfClass:forKey: instead of decodeObjectForKey: to check the class. This fixes a flaw where decoding could make wrong objects from bad data, risking crashes or harm.

It is key for XPC services, which need strong security. NSSecureCoding sets a rule for safer unarchiving, mainly for future-proofing.

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds, send me a comment via email, and/or leave a donation in the Tip Jar.

Tags