Explore
For Enterprise
Join for Free
Log In

艺术与人文
商务
计算机科学
数据科学
信息技术
健康
数学和逻辑
个人发展
物理科学与工程
社会科学
语言学习
MathWorks
Achieve practical results in data science using MATLAB
Learn in-demand skills you can use in any industry, like data visualization, analysis, and more.
University of Colorado Boulder
New $20,000 Master of Science in Electrical Engineering
Earn the same diploma as on-campus students. Performance-based entry, no application required.
學位
證書

瀏覽 Coursera 的全部課程

瀏覽
Top Courses
企業版
登錄
免費加入

NSAppTransport in iOS 9

Loading...

iOS 应用的网络与安全

加州大学尔湾分校

4.6（240 個評分） | 12K 名學生已註冊

課程 2（共 6 門，面向创意企业家的 iOS 开发專項課程）

You will learn to extend your knowledge of making iOS apps so that they can securely interact with web services and receive push notifications. You'll learn how to store data securely on a device using Core Data. You’ll also learn to securely deploy apps to the App Store and beta users over-the-air. The format of the course is through a series of code tutorials. We will walk you through the creation of several apps that you can keep as a personal app toolbox. When you make your own apps after this course, you can bring in these capabilities as needed. When necessary we pop out of the code tutorials to talk about concepts at a higher level so that what you are programming makes sense. Upon completing this course, you will be able to: 1. Post Facebook, Twitter, Sina Weibo, Tencent Weibo messages to social media using single sign-on on behalf of a user. 2. Use OAuth 2.0 to securely authenticate to Instagram and retrieve photos on behalf of a user 3. JSON 4. Describe JSON’s syntax 5. Write well-formed JSON 6. Work with JSON data objects in Objective-C 7. Appropriately set the security settings for App Transport Security in iOS 9.0 8. Use http, https and https with perfect forward secrecy to fetch web resources 9. Obtain permissions to receive local push notifications 11. Write an app that can send and receive local push notifications 12. Obtain permissions to receive remote push notifications 13. Write an app that can receive remote push notifications 14. Authenticate using Apple’s cryptographic services such that the developer can use 3rd party infrastructure to send remote push notifications to their app. 15. Securely store data on the user’s device. 16. Authenticate using Apple’s cryptographic services such that they can deploy an app to the app store

查看授課大綱

審閱

4.6（240 個評分）

5 stars
176 ratings
4 stars
38 ratings
3 stars
15 ratings
2 stars
6 ratings
1 star
5 ratings

SR

Apr 25, 2016

Great course, cuts right to the chase. I'm reviewing the lessons which I hope never turns off. thanks Coursera

SM

May 17, 2017

Don Patterson does a great job introducing you to two essential iOS frameworks, notifications and CoreData.

從本節課中

Using Secure Web APIs: an Instagram Case Study

Now it's time to consider what we are going to do if we want to work with web services that aren't deeply integrated into iOS. There are hundreds (thousands?!?!) of them. Most of them require authentication via the OAuth 2.0 protocol. In this week's lessons we will walk through an example of getting a photo from Instagram on behalf of a user. This week is also a code tutorial in preparation for your peer review assignment, but in the middle we need to step back from coding to cover some basics: How do we use a UIImageView? What is OAuth 2.0 anyway? What is JSON and how do we read it? What's the big deal about http vs https anyway?

NSAppTransport in iOS 910:26

Network Security Considerations22:16

Getting data with NSURLSession10:26

Calling and Parsing API JSON data7:38

教學方

Don Patterson
Associate Professor
Sam Kaufman
Partner at Gradient

腳本

[MUSIC] When we got that callback from Instagram, we saw that there was kind of an error and the error had to do with the fact that we hadn't allowed our application to request information from insecure web services. And this is a change that has taken place in iOS 9 that we first saw in course one. The basic change at a high level is that Apple's trying to secure and enforce a high level of security on the internet. And the way their doing that is by turning off insecure access to the internet by default, so it's not possible by default to access web services. For example, those that are using HTTP unencrypted scheme on the internet and even if you use the encrypted scheme, HTTPS, it has to be a very high-level of security, one that implements forward secrecy in order to make that connection without any changes. Now, not all web services are secure, but this is the default behavior as of iOS 9 and OSX 10.11. The details are available in this URL. If you want to see all the details of which ciphers and which protocols are supported, that's available on the developer website. In the mean time though, we have to figure out how are we gonna transition, because not all web services are strong enough. How strong does it need to be? Well, the server has to support the web server, so Instagram, in our case, has to support at least Transport Layer Security protocol 1.2. Connection ciphers have to provide forward secrecy. Certificates that identify the domain names have to be signed using a SHA256 or greater hash algorithm. And invalid certificates prevent any kind of access at all. What if the web service isn't secure? One option you have is not to use it, because it's not secure and as a result the information that is transferred across the Internet tops the part that's not secure but travels between your client and the server that transition is not secured. So you might not wanna use it. Another option is to load an exception. This is something hat you do on your device and you say okay, I recognize all services are strong as I like them to be, I'm going to allow an exception. You can either allow a blanket exception so that you can access anything this is what we did in course one or you can allow a modified exception to only be able to access a certain subset of URLs that don't exhibit perfect forward secrecy. So here's a table from that tech note. And if we wanted to enable our app to access everything on the Internet regardless of transport security, we would change Info.plist to have an NSAppTransportSecurity dictionary with one element in it, which is NSAllowsArbitraryLoads with the value of YES. That's what we did in the first course. In this example, what we're gonna do is we're gonna make specific exceptions for Instagram's websites. So in this case we're going to have ns app transport security dictionary added to our info p list and we're going to add ns exception domains. We're going to use cdn Instagram.com. CDN stands for contribution distribution network it's caching for their data. And we're also gonna use api.instagram.com to enable our app to make certain kinds of calls to those two domains. For each of those entries, we're going to make an exception to needing to reuse forward secrecy because those domains use HTTPS, but they use servers that aren't strong enough, and then we're going to allow subdomains, meaning that any file path after cdninstagram.com will also be exempted. All right, so that's what's going on, Apple is now secure by default, web services may not be and if you want to use them you're gonna need to add an exception info.plist. All right, let's try and do that. All right, so what we're gonna need to do is we're gonna need to access info p list and we know we're gonna need to add a new row and that row is gonna be. Nope sorry, we're not gonna add it to that key you gotta be careful. That was only head before remove that all right, add a new row to our parent and it's going to be NSA App Transport Security, okay and that's going to be a dictionary. All right, and now I'm gonna go back and look at my notes because last time I got the exact spelling not correct and that caused me some problems so let's go back and look at our notes. Okay, we're looking at NSExceptionDomains, that's the next thing that we want, okay? So let's add NS exception domains this is also gonna be a dictionary, then we're going to add cdninstagram.com. That's going to be a dictionary. And we're gonna add another one. And that's gonna be api.instagram.com. And that's going to be a dictionary. And we're going to say we want NS allow subdomains. Now that's gonna be a boolean. We're gonna make it yes. And we're going to allow. NS allow subdomains. That didn't get entered as an element. That got entered as another key. Move that, and CDN Instagram.com. Great. So, that's gonna be a dictionary. That's gonna be a dictionary. We're gonna add NS allow sub domains. That's gonna be boolean. NS allow sub domains. And that's going to be, oops, what'd I do wrong again? I didn't add it, it's tricky that you have to be careful to open it. Okay, so now let's make sure that we have the right key value pairs that are in here. Started doing in and x code crashed so we're just gonna pick up from there. All right so we know that ns ab transport security I'm looking from here to here that's right it's a dictionary. The first thing we enter in is, NS exception domains, that's right. This is not nested and this is not nested. We want a nested element such as cdninstagram.com and that's going to be a dictionary. And we want another domain to be, have an exception, that's gonna be API.instagram.com. We know that's gonna be a dictionary as well. Okay, we're gonna open that accordion. And then within api.instagram.com we want NSException requires forward Secrecy. And make that a boolean and no. Gonna open this accordion and add the same property to this domain. Boolean and no, great. Now we're gonna add another property to api.instagram, which is NSIncludes sub domains, and that's gonna be Boolean, yes. Add another element here, and that's going to be Boolean, and yes. All right, so now if we've spelled everything right, NS includes sub domains, there's an s on there, that matters. [SOUND] There's an "s" on there, that matters. NS includes sub domains, yes. NS exception requires forward. Secrecy, no. Ns exception domains. Ns app transport security, all right. Okay, so now, when we run it, you wait for simulator. When your simulator comes up, we should be able to successfully access Instagram without having anything crash. Okay, we're going to Instagram to authenticate, so far so good. We received a callback, stream has been reopened after close I think everything's good. I added some code in here. One Instagram account is logged in, everything's great. All right so we've successfully registered our callback we've successfully gotten rid of our NS app transport main restrictions. Now it's time to get the data from our callback and actually load in image from our Instagram feed, all right, that's next. [MUSIC]

探索我們的目錄

免費加入並獲得個性化推薦、更新和優惠。

Coursera 致力於普及全世界最好的教育，它與全球一流大學和機構合作提供在線課程。

© 2019 Coursera Inc. 保留所有權利。

通過 Google Play 獲取

Coursera
關於
管理團隊
工作機會
目錄
證書
MasterTrack™ 證書
學位
企業版
政府版
面向校園

社區
Learners
Partners
Developers
Beta Testers
Translators

連接
博客
Facebook
領英
Twitter
Instagram
YouTube
技術博客

更多
條款
隱私
幫助
內容訪問
媒體
聯繫我們
目錄
附屬公司