Beginning Objective-C pdf - EBook Free Download

CHAPTER 6: Networking: Connections, Data, and the Cloud 171}// Note that it's perfectly valid to send an empty password. It's up to the server// to decide whether that's allowed upon receipt.NSURLCredential * credential = [NSURLCredential credentialWithUser:userpassword:passpersistence:NSURLCredentialPersistenceForSession];[[challenge sender] useCredential: credentialforAuthenticationChallenge: challenge];In cases where authentication is based upon server-side and client-side certificates, it ispossible to initialize an NSURLCredential instance with a certificate chain and identity or byindicating that you have chosen to trust a secure identity provided by the server. In somecases, both of these may be required in separate steps: first you choose whether to trustthe server, then you provide a secure identity so the server can decide if it trusts you.URL Connection Data HandlingWhen you implement an object confirming to the NSURLConnectionDataDelegate protocol,you can monitor or affect four areas of the transaction:• You can allow, deny, or modify any requests sent as a result ofreceiving a redirection request (only appropriate for certain protocols).• You can observe and store the parsed URL response (an instanceof NSURLResponse or its subclass NSHTTPURLResponse), handle packetsof data as they arrive, and be notified when the connection hascompleted all its work.• You can monitor the flow of data sent in the body of a request and provide anew copy if required to resend.• You can affect the storage of a URL response in the URL system’s responsecache by allowing or denying it or by modifying or replacing a proposedNSCachedURLResponse object.All of these methods are optional. In most cases, you’ll likely only implement-connection:didReceiveData: and -connectionDidFinishLoading:. Among the commonreasons for implementing the confirmation methods, however, is to implement some basicsecurity checking. For example, Listing 6-4 shows implementations of the redirectionhandler and caching handler, which think about security considerations.Listing 6-4. Security Considerations in NSURLConnectionDataDelegate- (NSURLRequest*)connection:(NSURLConnection*)connectionwillSendRequest:(NSURLRequest*)requestredirectResponse:(NSURLResponse*)response{// we know the server we're talking to, and it will never send us elsewhere// therefore, we do NOT accept redirects to a different hostNSString *responseHost = [[response URL] host];NSString *newRequestHost = [[request URL] host];if ( [responseHost isEqualToString: newRequestHost] == NO )www.it-ebooks.info