Inicio Explorar Ayuda
Registro Iniciar sesión
public
/
cordova-plugin-ios-keychain
Seguir 2
Destacar 0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

Fixing security issue

Plugin logs sensitive information and that is considered as a security issue. iOS logs are can be easily accessed by attacker.

References:
https://www.owasp.org/index.php/Mobile_Top_10_2016-M2-Insecure_Data_Storage
https://www.kaspersky.com/blog/starbucks-moves-quick-to-fix-application-security-vulnerability/3510/ (Starbucks for instance had problem with placing sensitive data to iOS logs and that was a big scandal ;-) )
Wojciech Reguła hace 8 años
padre
d9bbf389e7
commit
980230645c
Se han modificado 1 ficheros con 1 adiciones y 3 borrados
Dividir vista Mostrar estadísticas de diff
  1. 1 3
      src/ios/CDVKeychain.m

+ 1 - 3
src/ios/CDVKeychain.m
Ver fichero 

@@ -69,9 +69,7 @@
 
     NSString* key = [arguments objectAtIndex:0];
 
     NSString* value = [arguments objectAtIndex:1];
 
     BOOL useTouchID = [[arguments objectAtIndex:2] boolValue];
 
-
 
-      NSLog(@"SET %@ %@ %d", key ,value, useTouchID);
 
-
 
+   
     A0SimpleKeychain *keychain = [A0SimpleKeychain keychain];
 
 
     if(useTouchID) {