
On Tue, 28 Apr 2009 09:54:29 +0100, "Phil Endecott" <spam_from_boost_dev@chezphil.org> wrote:
> You wrote in another message that "anyone unable to bypass the methods suggested would be unable to bypass a plain text target". I do not agree. An app that implements any trivial form of defense against this one cracking app will be safe from 99% of the crackers. Obfuscating the string test in the trivial defense will make it safe from the 99% of the rest and from the "next version" of the cracking app. The decision as to whether to expend the effort (or spend the money) to try to defend against the determined 0.001% who are left is up to the developer.

In the security business we say "you're secure if breaking the protection is more expensive than the protected". I don't know about the iPhone application but I would agree that a simple security defence that protects against automated hacks is worth implementing if its distributed cost (i.e. cost of the security measure per application) is negligible. However you need to realize that if your application is popular it will be warezed, whatever you do. Spending too much money on protection is a waste. You'll have more fun and make more money in spending that time on features.

-- EA