There is a great post on Stack Overflow about implementing in-app purchase receipt validation. It warns not to use the code as-is, for security reasons. This sentiment is found in many tutorials and in the Apple documentation. For example, it mentions not to do this:

    if (failedValidation) {
        exit(173);
    }

That is great, but how am I supposed to do this? The example verifies whether the receipt is valid or invalid, and exits when it is invalid.

I saw lots of lists of dos and don'ts, but not many examples or ideas on what to do instead. For example, "use an opaque predicate", but Wikipedia mentions not one concrete example.

I understand that we shouldn't all be using the same code, but some pointers (or a way of thinking on the topic) would be useful. I was hoping someone would be kind enough to hand-walk beginners like me through the best practices on this. Thanks!

If you are doing receipt validation at all, you are ahead of the curve. If you wanted to add opaque predicates to boilerplate code, you could do this:

    @property (nonatomic, assign) BOOL opaque;

    - (instancetype)init {
        ...
        _opaque = YES;
        ...
    }

    - (BOOL)someVerifyMethod {
        if (self.opaque) {
            ...
        } else {
            // fake block
        }
    }

Honestly though, I would wait and see if you have a real problem before fixing it -- it's a cost/benefit calculation, and while using the same code theoretically poses a problem, it's not clear that the risk of exploit is particularly high.

Undoubtedly opinions differ on this, but it's as much a business decision as an engineering one.
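
A concrete opaque predicate, added here as an illustration and not part of the original answer: instead of a stored flag, the branch condition is an arithmetic identity that always holds but is computed from a run-time value. The function names and the `runtime_value` parameter are hypothetical; the exit code 173 is the one from the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Always true: x*(x+1) is a product of two consecutive integers, so it is
 * even. Unsigned wraparound is modulo 2^32, which preserves parity. */
static int opaque_true(uint32_t x) {
    volatile uint32_t v = x;   /* volatile read: the compiler cannot fold the test */
    uint32_t a = v;
    return ((a * (a + 1u)) & 1u) == 0u;
}

/* Always false: a square is 0 or 1 modulo 4, never 2 (also holds mod 2^32). */
static int opaque_false(uint32_t x) {
    volatile uint32_t v = x;
    uint32_t a = v;
    return ((a * a) & 3u) == 2u;
}

/* Hypothetical helper: maps a receipt check result to a process exit code.
 * receipt_valid would come from the app's real validation routine;
 * runtime_value is any value known only at run time (assumption). */
int receipt_exit_code(int receipt_valid, uint32_t runtime_value) {
    if (opaque_false(runtime_value)) {
        /* fake block: never runs, but static analysis sees another path */
        return 0;
    }
    if (opaque_true(runtime_value ^ 0x5bd1e995u)) {
        /* real path */
        return receipt_valid ? 0 : 173;
    }
    /* fake block: never runs */
    return receipt_valid ? 173 : 0;
}

int main(void) {
    uint32_t samples[] = {0u, 1u, 2u, 0x7fffffffu, 0xffffffffu}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%u: valid->%d invalid->%d\n", (unsigned)samples[i],
               receipt_exit_code(1, samples[i]), receipt_exit_code(0, samples[i]));
    return 0;
}
```

Objective-C is a superset of C, so these functions compile unchanged inside an Objective-C target.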