Geek Answers Handbook

How to protect dealloc memory for whole lines in iOS?

I am very new to iOS development and I have the following question: In my code, I have a UIViewController with a UIText field that will contain the password when the user enters the view. The password is used for authentication to the server:

UItextField* txtPassword; [myClass loginWithPassword:txtPassword.text];

After use, I want to be sure that there is no password left in the memory, so an attacker will not be able to dump the iPhone and extract the password from it.

In windows, for example, I could use the SeucreZeroMemory function to fill a block of memory with zeros.

What is the best way to do this for iOS? Who is responsible for freeing the UItextField* string, and is that enough?

+4
source share
2 answers

What you want is really not necessary, you do not need to write zeros on the data you highlighted to be sure that it is safe. The reason is that no one but you can access the memory, and iOS uses address space randomization, so even if you can get your memory, it's hard to guess where your data is (and if you don't know where the data is, it’s hard to guess what kind of data, fortunately, RAM does not have a file system that helps in this case). Secondly, if you use [foo release] , and the text field gets freed in this process, the OS restores memory. Now, the OS will always fill new memory pages with zeroes before passing them to the request process, so you do not need to worry that there is a malicious application that simply allocates memory in the hope that it will find the password in this way.

+1
source

ok, Release your object that stores the password in your class by going to the dealloc methods. Or release ever use of this object. Having written this [issue of the facility]; Hope this helps you.

-1
source

More articles:


All Articles