NSSecureCoding - Infinite Lexicon - Infinite Lexicon

NSSecureCoding

NSSecureCoding is a protocol in Apple's Foundation framework that extends NSCoding to require secure decoding of serialized objects. It aims to prevent object substitution attacks by ensuring that only objects of expected classes are unarchived, particularly when data originates from untrusted sources or is stored on disk.

To adopt NSSecureCoding, a class must conform to the protocol and implement the required methods. In Objective-C,

Security implications and usage guidelines: NSSecureCoding reduces the risk of instantiating unexpected or malicious classes during

History and scope: NSSecureCoding was introduced as part of Apple’s security enhancements for NSKeyedArchiver/NSKeyedUnarchiver, with support

+

(BOOL)supportsSecureCoding

-initWithCoder:

-encodeWithCoder:,

supportsSecureCoding

decodeObjectOfClass:forKey:

decodeObjectOfClasses:forKey:

a

NSSecureCoding,

a

supportsSecureCoding:

{

}.

a

deserialization.

NSKeyedArchiver,

NSKeyedUnarchiver.