NSSecureCoding Protocol Reference

Conforms to	NSCoding
Framework	/System/Library/Frameworks/Foundation.framework
Availability	Available in OS X v10.8 and later.
Declared in	NSObject.h

Overview

Conforming to the NSSecureCoding protocol indicates that an object handles encoding and decoding instances of itself in a manner that is robust against object substitution attacks.

Historically, many classes decoded instances of themselves like this:

id obj = [decoder decodeObjectForKey:@"myKey"];

if (![obj isKindOfClass:[MyClass class]]) {...fail...}

This technique is potentially unsafe because by the time you can verify the class type, the object has already been constructed, and if this is part of a collection class, potentially inserted into an object graph.

In order to conform to NSSecureCoding:

An object that does not override initWithCoder: can conform to NSSecureCoding without any changes (assuming that it is a subclass of another class that conforms).
An object that does override initWithCoder: must decode any enclosed objects using the decodeObjectOfClass:forKey: method. For example:
id obj = [decoder decodeObjectOfClass:[MyClass class]
forKey:@"myKey"];
In addition, the class must override its supportsSecureCoding method to return YES.

For more information about how this relates to the NSXPC API, see “Creating XPC Services” in Daemons and Services Programming Guide.

Tasks

Checking for Secure Coding Requirement

Class Methods

supportsSecureCoding

Returns whether the class supports secure coding. (required)

+ (BOOL)supportsSecureCoding;

Return Value

Return YES if your class supports secure coding, or NO otherwise.

Availability

Available in OS X v10.8 and later.

Declared In

NSObject.h

Did this document help you?

Shop the Apple Online Store (1-800-MY-APPLE), visit an Apple Retail Store, or find a reseller.