[Mono-osx] secure html file in app
aaron.oneal at spicypixel.com
Tue Dec 18 18:33:37 UTC 2012
Keep in mind that using encryption to obfuscate the data at rest may not
be sufficient for all situations. Depending on how this approach is
implemented one can attach a debugger to retrieve the decrypted HTML
from memory. If an interested party has physical access to the device
and app while doing the decrypting, the data is not safe.
If you trust your users not to do this and are requiring authentication
before decrypting, then this could work if you don't ship the encryption
keys with your app but instead release them over a secure channel after
authentication and clear them when not in use. If you can't trust your
users with the content, or if you ship the encryption keys with your
app, then an attacker already has what they need.
> One approach would be:
> 1) Encrypt your HTML text and store it as an embedded resource file.
> 2) Decrypt the encrypted HTML from the resource into memory on on the fly in
> your app when you need it.
More information about the Mono-osx