Protocol

NSSecureCoding

A protocol that enables encoding and decoding in a manner that is robust against object substitution attacks.

Declaration

@protocol NSSecureCoding

Overview

Historically, many classes decoded instances of themselves like this:

id obj = [decoder decodeObjectForKey:@"myKey"];
if (![obj isKindOfClass:[MyClass class]]) { /* ...fail... */ }

This technique is potentially unsafe because, by the time you can verify the class type, the object has already been constructed and, if it is part of a collection class, may already have been inserted into an object graph.

In order to conform to NSSecureCoding:

  • An object that does not override initWithCoder: can conform to NSSecureCoding without any changes (assuming that it is a subclass of another class that conforms).

  • An object that does override initWithCoder: must decode any enclosed objects using the decodeObjectOfClass:forKey: method. For example:

    id obj = [decoder decodeObjectOfClass:[MyClass class]
                                   forKey:@"myKey"];

    In addition, the class must override the getter for its supportsSecureCoding property to return YES.
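A minimal conforming class, as an added example that is not part of the original documentation; the class name Account, its properties and keys, and the sample values are hypothetical. It goes slightly beyond the text by also decoding a collection with decodeObjectOfClasses:forKey: and by round-tripping the object through NSKeyedArchiver and NSKeyedUnarchiver with secure coding required.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical model class for this example.
@interface Account : NSObject <NSSecureCoding>
@property (copy) NSString *name;
@property (copy) NSArray<NSString *> *roles;
@end

@implementation Account
// Required by NSSecureCoding: the class opts in explicitly.
+ (BOOL)supportsSecureCoding { return YES; }

- (void)encodeWithCoder:(NSCoder *)coder {
    [coder encodeObject:self.name forKey:@"name"];
    [coder encodeObject:self.roles forKey:@"roles"];
}

- (instancetype)initWithCoder:(NSCoder *)decoder {
    if ((self = [super init])) {
        // The expected class is supplied up front, not checked after the fact.
        _name = [[decoder decodeObjectOfClass:[NSString class] forKey:@"name"] copy];
        // Collections: allow the container class and its element class.
        NSSet *allowed = [NSSet setWithObjects:[NSArray class], [NSString class], nil];
        _roles = [[decoder decodeObjectOfClasses:allowed forKey:@"roles"] copy];
        if (_name == nil || _roles == nil) return nil;  // missing or wrong-typed field
    }
    return self;
}
@end

int main(void) {
    @autoreleasepool {
        Account *a = [Account new];
        a.name = @"alice";          // constructed sample data
        a.roles = @[@"admin"];
        NSError *err = nil;
        NSData *data = [NSKeyedArchiver archivedDataWithRootObject:a
                                             requiringSecureCoding:YES error:&err];
        // Decoding with the expected root class succeeds.
        Account *ok = [NSKeyedUnarchiver unarchivedObjectOfClass:[Account class]
                                                        fromData:data error:&err];
        NSLog(@"decoded: %@ %@", ok.name, ok.roles);
        // Same archive, different expected class: the unarchiver refuses the root.
        NSDate *bad = [NSKeyedUnarchiver unarchivedObjectOfClass:[NSDate class]
                                                        fromData:data error:&err];
        NSLog(@"mismatch -> %@ (%@)", bad, err.localizedDescription);
    }
    return 0;
}
```

Build with ARC enabled and link Foundation, for example with clang -fobjc-arc -framework Foundation.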

For more information about how this relates to the NSXPC API, see Creating XPC Services in Daemons and Services Programming Guide.

Topics

Checking for Secure Coding

supportsSecureCoding

A Boolean value that indicates whether or not the class supports secure coding.

Required.

Relationships

Inherits From

Conforming Types

See Also

First Steps

NSCoding

A protocol that enables an object to be encoded and decoded for archiving and distribution.