[ProgSoc] NSURLConnect (iPhone SDK, NdV might know this?)

Nathan de Vries nathan at atnan.com
Fri Feb 26 17:53:32 EST 2010


Hi Bryn,

Yeah, NSURLConnection (on both the iPhone & Mac) uses the system configuration to connect via configured proxies & the keychain to answer authentication challenges with stored credentials. Unless you implement "connection:didReceiveAuthenticationChallenge:" in your delegate, a default implementation is used.

In terms of security of credentials, if you attempt to grab the password text out of the credentials presented in the "connection:didReceiveAuthenticationChallenge:" delegate method, the user is asked if they want to give your application access to the keychain (by entering their main password).


Cheers,

Nathan



On 26/02/2010, at 12:10 PM, Bryn Davies wrote:
> When an application deploys the URL loading system via NSURLConnect,
> does it transparently leverage the proxy settings (for e.g. a
> corporate or institutional proxy) registered in System Preferences? I
> can't confirm or deny this because I don't have access to the proxy
> logs at uni, but it seems not...
> 
> If not, I am having trouble seeing how this is supposed to be
> implemented by app developers as surely we don't want proxy addresses,
> usernames and passwords in possibly untrusted developer hands. Any
> thoughts? Beginning to think I am going to have to jailbreak again and
> install a local privoxy.
> 
> B.



More information about the Progsoc mailing list