security - iOS network issue. TLS Session cache loophole -

-

I am facing a security problem for my iOS application. I am using HTTPS for all my network calls and the public certificate used is from a reliable authority, which has been bundled in the application to stop the main (REC) in the main attack. I am doing SSL pinning (confirming the certificate from the server before / before every network call) in Android, it works well in iOS, but there is a TLS session cache which validates the validity of the certificate after the network call Cache.

The certificate verification section works fine for the first network call, for 2 calls, the cache is used by OS and I am unable to confirm the certificate. My QA team can easily attack and get all data from network call for 2 more consecutive network calls. There is a reference to here: There seems to be no way to refresh the cash program.

Changing query parameters does not help, I've already tried, please provide iOS specific solutions. I can not encrypt my data for business reasons.

Edit: I am using the method described below to verify my certificate. This method is called by the OS for the first network call, this method is not being called for continuous calls. 

  willSendRequestForAuthenticationChallenge: (NSURLAuthenticationChallenge *) challenge   
 My QA team attacks MiTM only for every network call, they use their certificates And if any network call I do not verify the certificate, they can easily read the data. Due to the cache I am unable to verify my certificate.   
 
 
 The answer to this question is that this method will be called again if you switch your network The answer or result of authentication is continuous for one session and as long as the session is valid, the connection is secure. So just trust the method of structure and keep your communication safe.

Comments

Post a Comment

Popular posts from this blog

ios - Adding an SKSpriteNode to SKScene from a child SKSpriteNode -

-
I have a SKScene where I am adding an SKSpriteNode I have subclassed the SKSpriteNode class to create this node. In the subclass I am defining some SKActions on Sprite. What do I want to do when the end of this phantom ends the SKAction sequence, then I add a new Prayer node to this scene. How is this possible. The following code is mine: The code for the sequence is that I'm running on the Scansprinitode subclass (TEMissileNode): - SKAction * moveDown = [SKAction moveToY: Self.position.y - 20 Duration: 0.2]; SKAction * animation = [SKAction animateWithTextures: textures timePerFrame: time / 7]; SKAction * moveMissileProjectile = [SKAction Moving: Pointoffscreen Term: Time]; SKAction * group = [SKAction group: @ [animation, movement projectile]]; SKAction * Sequence = [SKAction Sequence: @ [Hilldown, Group, [SKAction removalFromParent]]]; [Self run action: sequence]; From the main scene, I call those actions that execute these tasks TEMissileNode * missile = [tmissil...
Read more

Matlab transpose a table vector -

-
An embarrassing simple question seems to be, but how can I move a Matlab table vector? aTableT = aTable '; I tried a standard syntax for the simple interaction of a line vector to a line vector aTable : ATableT = reshape (aTable, 1, Height (aTable)); and aTableT = rot90 (aTable); According to the head, the last time table should work for table, see. However, I get this error code: Error type in using table / permit (line 396) Undefined function 'permute' for the input arguments. Error in rot 90 (line 29) b = magnitude (b, [2 1 3: ndims (a)]); NB: fliplr is not useful either pretty sure I have covered clear angles - any ideas? Thanks! Try changing your table into an array, move it, then back to a table In other words, try doing this: aTableArray = table2array (aTable); ATableT = array 2table (aTableArray. '); I have also read the document for rot90 , and it says that rot90 is definitely working for tables Do, and I find you...
Read more

c# - Textbox not clickable but editable -

-
I have a small form with 10 text boxes, I have set them in the correct tab order. I want them on my tab service I was wondering if there is a way to set the text box so that they can be selected for editing until they are tabbed. That is ... I do not want the end user to edit the text box to click on them, I just want to make them editable through tabu. this should do the trick public partial category poor text box: Text Box {Safe Override Zero WndProc (Ref: Message Message) {if (m.msg == (Int) WM.LBUTTONDOWN) {Return; // mount down events} base.WndProc (ref m); }} Window message enum can be found. How to do this without anherizing: text box : class EatMouseDown: netwindows {safe override zero WndProc (ref message message) {if (m.msg == (int) WM.LBUTTONDOWN) {return; } Base.WandProc (Ref M); }} Safe Override Zero Onload (EventEurge E) {base.OnLoad (e); How to do this without any part: left a clean part, whatever is important, this can be a buggy but it works R...
Read more