CODEWITHSUNDEEP
nsstringobfuscationencryption
Yanchi
Yanchi

Reputation: 1030

How to store server authentification in source code

In my app I'm doing various request on server API. When I'm doing those requests, part of my requester class is: 

NSString *authString = [[[NSString stringWithFormat:@"serverUsername:serverPass"]dataUsingEncoding:NSUTF8StringEncoding] base64EncodedString];
NSString *verifString = [NSString stringWithFormat:@"Basic %@",authString];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
NSData *myRequestData = [NSData dataWithBytes:[ms UTF8String] length:[ms length]];
[request setHTTPBody:myRequestData];

I'm not including all of source code, but then I have another strings, that I don't want to be visible in source code (fingerprints etc).

I was searching for code obfuscating, but to no success. Is there any way, to prevent my credential strings to be visible in x-code?

Upvotes: 0

Views: 56

Answers (1)

zero3nna
zero3nna

Reputation: 2918

I think the best way is to store it in a plist file.

- (NSString *)saveRecommendUserData {
  NSError *error;
  NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
  NSString *documentsDirectory = [paths objectAtIndex:0];
  NSString *path = [documentsDirectory stringByAppendingPathComponent:@"Userdata.plist"];
  NSFileManager *fileManager = [NSFileManager defaultManager];

  if (![fileManager fileExistsAtPath:path])
  {
      NSString *bundle = [[NSBundle mainBundle] pathForResource:@"Userdata" ofType:@"plist"];
      [fileManager copyItemAtPath:bundle toPath: path error:&error];
  }

  return path;
}

Upvotes: 1

Related Questions