NSSecureCoding
Conforming to the NSSecureCoding protocol indicates that an object handles encoding and decoding instances of itself in a manner that is robust against object substitution attacks.
protocol NSSecureCoding : NSCoding
Historically, many classes decoded instances of themselves like this:
    // Unsafe pattern: the class is only checked after the object has been decoded.
    if let object = decoder.decodeObject(forKey: "myKey") as? MyClass {
        // ...succeeds...
    } else {
        // ...fail...
    }
This technique is potentially unsafe because by the time you can verify the class type, the object has already been constructed, and if this is part of a collection class, potentially inserted into an object graph.
In order to conform to NSSecureCoding:
An object that does not override init(coder:) can conform to NSSecureCoding without any changes (assuming that it is a subclass of another class that conforms).
An object that does override init(coder:) must decode any enclosed objects using the decodeObject(of:forKey:) method. For example:
    let obj = decoder.decodeObject(of: MyClass.self, forKey: "myKey")
In addition, the class must override its NSSecureCoding method to return true.
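The following added example (not part of Apple's documentation) shows a conforming class and what happens when an archive carries a different class under "myKey". The Envelope wrapper, the body of MyClass, and the "text" key are hypothetical names chosen for illustration.

```swift
import Foundation

// Hypothetical enclosed class; only the name MyClass comes from the page.
final class MyClass: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }   // opt in to secure coding
    let text: NSString
    init(text: NSString) { self.text = text }
    func encode(with coder: NSCoder) { coder.encode(text, forKey: "text") }
    required init?(coder: NSCoder) {
        // The expected class is passed to the decoder, so it is checked
        // before a substituted object is handed back to this initializer.
        guard let t = coder.decodeObject(of: NSString.self, forKey: "text") else { return nil }
        text = t
    }
}

// Hypothetical wrapper that encloses another object under "myKey".
final class Envelope: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }
    let item: NSObject
    init(item: NSObject) { self.item = item }
    func encode(with coder: NSCoder) { coder.encode(item, forKey: "myKey") }
    required init?(coder: NSCoder) {
        // Only MyClass is accepted here; any other class fails the decode.
        guard let obj = coder.decodeObject(of: MyClass.self, forKey: "myKey") else { return nil }
        item = obj
    }
}

// Archives an Envelope around `enclosed`, then decodes it with secure coding on.
// Returns true only if the enclosed object was accepted as MyClass.
func decodes(_ enclosed: NSObject) -> Bool {
    do {
        let data = try NSKeyedArchiver.archivedData(
            withRootObject: Envelope(item: enclosed), requiringSecureCoding: true)
        return try NSKeyedUnarchiver.unarchivedObject(ofClass: Envelope.self, from: data) != nil
    } catch {
        print("rejected: \(error.localizedDescription)")
        return false
    }
}

// Constructed inputs: an archive with the expected class, and one where
// an NSDate sits under "myKey" in place of MyClass.
print("expected class accepted:", decodes(MyClass(text: "hello")))
print("substituted class accepted:", decodes(NSDate()))
```

With the older decodeObject(forKey:) call in Envelope, the NSDate would already have been constructed before the as? cast could reject it.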