我可以使用 Realm 来存储所有数据,还是应该使用 NSUserDefaults 来存储 username/password?
Can I use Realm for all data storage, or should I use NSUserDefaults for storing username/password?
我有一个具有 username/password 登录名的应用程序。登录后,用户应保持登录状态直到注销,即即使没有连接,用户仍保持登录状态。
目前我正在对用户进行身份验证,但我无法让他们保持登录状态。我应该将用户详细信息存储在 NSUserDefaults 中以便在启动时登录,还是有办法让用户仅使用 Realm 保持登录状态?
提前致谢!
SyncUser.logIn(with: userCredentials, server: (url! as URL)) { user, error in
guard user != nil else {
// Handles error
}
DispatchQueue.main.async {
let configuration = Realm.Configuration(
syncConfiguration: SyncConfiguration(user: user!, realmURL: URL(string: "realm://127.0.0.1:9080/~/realmtasks")!)
)
Realm.Configuration.defaultConfiguration = configuration
self.performSegue(withIdentifier: "logInSegue", sender: self)
}
}
更新:也许我的问题的答案是 Apple Keychain?
您可以考虑将此用于在钥匙串中保存凭据。只需要创建一个 Objective-c 文件并将其导入到项目的 Bridging-header-file 中。
.h
#import <Foundation/Foundation.h>
@interface KeychainUserPass : NSObject
+ (void)save:(NSString *)service data:(id)data;
+ (id)load:(NSString *)service;
+ (void)delete:(NSString *)service;
@end
.m
#import "KeychainUserPass.h"
@implementation KeychainUserPass
+ (NSMutableDictionary *)getKeychainQuery:(NSString *)service {
return [NSMutableDictionary dictionaryWithObjectsAndKeys:
(__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
service, (__bridge id)kSecAttrService,
service, (__bridge id)kSecAttrAccount,
(__bridge id)kSecAttrAccessibleAfterFirstUnlock, (__bridge id)kSecAttrAccessible,
nil];
}
+ (void)save:(NSString *)service data:(id)data {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
[keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:data] forKey:(__bridge id)kSecValueData];
SecItemAdd((__bridge CFDictionaryRef)keychainQuery, NULL);
}
+ (id)load:(NSString *)service {
id ret = nil;
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
[keychainQuery setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];
[keychainQuery setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
CFDataRef keyData = NULL;
if (SecItemCopyMatching((__bridge CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {
@try {
ret = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge NSData *)keyData];
}
@catch (NSException *e) {
NSLog(@"Unarchive of %@ failed: %@", service, e);
}
@finally {}
}
if (keyData) CFRelease(keyData);
return ret;
}
+ (void)delete:(NSString *)service {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
}
@end
用法:
保存:KeychainUserPass.save("email", data: self.YOUR_TEXT_FIELD.text!)
加载:YOUR_STRING = KeychainUserPass.load("email") as? String
删除:KeychainUserPass.delete("email")
您不应该在NSUserDefault中存储密码或任何敏感信息,通过使用一个简单的文件管理器您可以读取其中存储的所有数据,这确实不安全。
您甚至不需要数据库或类似的东西。存储敏感信息的正确位置是您设备的钥匙串。
github 上有很多库可以帮助您使用它。
请注意,您保存在钥匙串中的内容即使在您删除应用程序后也会保留。
我有一个具有 username/password 登录名的应用程序。登录后,用户应保持登录状态直到注销,即即使没有连接,用户仍保持登录状态。
目前我正在对用户进行身份验证,但我无法让他们保持登录状态。我应该将用户详细信息存储在 NSUserDefaults 中以便在启动时登录,还是有办法让用户仅使用 Realm 保持登录状态?
提前致谢!
SyncUser.logIn(with: userCredentials, server: (url! as URL)) { user, error in
guard user != nil else {
// Handles error
}
DispatchQueue.main.async {
let configuration = Realm.Configuration(
syncConfiguration: SyncConfiguration(user: user!, realmURL: URL(string: "realm://127.0.0.1:9080/~/realmtasks")!)
)
Realm.Configuration.defaultConfiguration = configuration
self.performSegue(withIdentifier: "logInSegue", sender: self)
}
}
更新:也许我的问题的答案是 Apple Keychain?
您可以考虑将此用于在钥匙串中保存凭据。只需要创建一个 Objective-c 文件并将其导入到项目的 Bridging-header-file 中。
.h
#import <Foundation/Foundation.h>
@interface KeychainUserPass : NSObject
+ (void)save:(NSString *)service data:(id)data;
+ (id)load:(NSString *)service;
+ (void)delete:(NSString *)service;
@end
.m
#import "KeychainUserPass.h"
@implementation KeychainUserPass
+ (NSMutableDictionary *)getKeychainQuery:(NSString *)service {
return [NSMutableDictionary dictionaryWithObjectsAndKeys:
(__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
service, (__bridge id)kSecAttrService,
service, (__bridge id)kSecAttrAccount,
(__bridge id)kSecAttrAccessibleAfterFirstUnlock, (__bridge id)kSecAttrAccessible,
nil];
}
+ (void)save:(NSString *)service data:(id)data {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
[keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:data] forKey:(__bridge id)kSecValueData];
SecItemAdd((__bridge CFDictionaryRef)keychainQuery, NULL);
}
+ (id)load:(NSString *)service {
id ret = nil;
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
[keychainQuery setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];
[keychainQuery setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
CFDataRef keyData = NULL;
if (SecItemCopyMatching((__bridge CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {
@try {
ret = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge NSData *)keyData];
}
@catch (NSException *e) {
NSLog(@"Unarchive of %@ failed: %@", service, e);
}
@finally {}
}
if (keyData) CFRelease(keyData);
return ret;
}
+ (void)delete:(NSString *)service {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
SecItemDelete((__bridge CFDictionaryRef)keychainQuery);
}
@end
用法:
保存:KeychainUserPass.save("email", data: self.YOUR_TEXT_FIELD.text!)
加载:YOUR_STRING = KeychainUserPass.load("email") as? String
删除:KeychainUserPass.delete("email")
您不应该在NSUserDefault中存储密码或任何敏感信息,通过使用一个简单的文件管理器您可以读取其中存储的所有数据,这确实不安全。
您甚至不需要数据库或类似的东西。存储敏感信息的正确位置是您设备的钥匙串。
github 上有很多库可以帮助您使用它。
请注意,您保存在钥匙串中的内容即使在您删除应用程序后也会保留。