i have an iOS App which loads and .txt file from app's root. If i use iFunBox or any iPhone Browsers i can see that .txt file, how can I hide it? I think it's all about security of this file, encode/decode. Please help me. Any advice, source codes, examples. I'm new here. thanks
The short answer: You can't
The long answer: No matter what you do, you will end up having a copy of the decrypted contents in memory at some point so a crafty cracker will be able to copy the contents out of memory. The best you can do is make it not worth their trouble. This includes using pure C, never storing the contents in one variable (always concat, etc), and encrypting the file with an industry standard encryption like AES-256. Good luck.
I'm not sure that it is possible to protect the file any more than what apple already does. Even if you could, I don't think It would really be worth your trouble to do so unless the .txt file is something that you really need to protect.
Related
i want not to let specific files to be deleted even after formatting the hard disk ? what is the possible change(s) that i should make to the files so as these files would not be deleted during formatting and how i would recognize these files after formatting?
i have googled, but no hope.
Thanks in advance.
No, this is not possible since formatting destroys ALL data on a disk (including meta data like information regarding the used file system which would be needed to read the file)
a file can never truly be undeletable. A reformat, removal of the security software, or change in permissions can always bypass tricks . The best you can do is limit the scope of who can access or delete the content.
I am downloading a mp4 file with my iOS app, it works fine using
NSData dataWithContentsOfURL
but i need to updated only if the file has been updated,
can I check the file headers? or what is the best way to determine if the file has been updated so I downloaded it again?
Thanks
You can access the metadata using the http HEAD request, as explained in this SO answer. You'll need to create some sort of parser to pick out the information you need, though. Note that this might not work with every server, depending on how it has been set up.
If you have control of the server yourself, I'd recommend using a php script to output the date the file has been last changed, which you would call before downloading the file.
Personally, I prefer placing a manifest file (usually a plist) alongside the file in question, as it can hold even more data, for example metadata for several files, the number of entries in a database and the like. A backdraw of this approach is that you'll need to keep this file up to date, though. But often, that is worth the while.
Lastly, as rckoenes has mentioned, dataWithContentsOfURL is not a very good way to download files, espcially large ones. You really should be using some sort of datamanager class, which manages a NSURLConnection.
I currently have a large .sqlite data store of long string text. It's about 160MB and will grow to about 200MB when I'm completely done. This is a "read only" data set.
What I do now is simply place that file in my bundle and read it during runtime. However, that means the app requires you to download 160MB. Not optimal.
One solution is to gzip that file, ship the gzipped version in the bundle, uncompress it on first run, and put it in the Documents/ folder. This means you'd download far less, but the total size the app uses on the device is (size of gzip'd + size of ungzip'd) which is obviously not optimal either.
I want to use the gzip solution, but after application's first run, I want to delete the .gz version. Is this possible? How do I achieve it? What would another good solution be?
It is not possible to delete a file in the bundle. The app must be signed and if the bundle is modified in any way, it will not pass the signature.
The only other solution I can think of, is to setup a web service, and have your app download portions of your content as necessary. This may or may not be a viable solution, depending on what your app is actually doing.
As Paul says, anything in your bundle is part of the signature.
I can't see this changing as it is a fundamental part of signing apps.
The other classic approach is to compress the data in your bundle, as heavily as possible, so you unpack it when you build the working storage.
I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity-
It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.
I am getting file list in my Java program using list() method of File class. When I run my program on Knoppix I get ???? instead of Cyrillic file names. It seems that problem is in knoppix, not java. I tried to use options for mounting file system, such as nls and iocharset, but it has no effect (or may be I use it in wrong way). Somebody can help me?
I think that problem is as you said with Knoppix. Probably you do not have Cyrillic font bundled, so there is no way to display these code points.
If you want to fix this, you will need fix distribution, as there is nothing wrong with the program. I am not sure if this is the question for https://serverfault.com/ or https://superuser.com/, but you can read their FAQ's and ask how to fix it there (probably you will need to re-create Knoppix distribution).