New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lockdown suggestions #294
Comments
Where would you rather the pairing records to be stored instead? Or do you mean to make it all non volatile entirely? We could also just write the SSL file as a temporary instead, but it helps for wireshark debugging. |
I mean, the pairing record doesn't have to be stored. If I understand correctly it's just a cache used to avoid asking for trust again. Since pairing records can give you access to personal info on the device, having the option to not store them on the filesystem would be nice. |
I see, Good point. |
You mean the Maybe some kind of another optional parameter Regarding the |
@vToMy what do you think of current implementation? as long as the SSL certificate is still stored there's no point in avoiding disk writes. The pyOpenSSL api isn't very friendly so if you have a working snippet feel free to PR it also |
Looking at The ability to specify certificates from memory seems to be a long-time requested feature: Anyway, I still think making the pairing record cache folder optional would be nice as preparation for the future. On another note - when we do store those files, it's probably better to allow some kind of encryption. Even python's |
Since this is an incomplete solution I only added a TODO note referring to this issue to avoid complicating the code with extra logic |
…flags lockdown: add additional pairing options (#294)
@doronz88 PR looks good. |
@doronz88 what do you think? I just don't like pairing records lying around on the filesystem. |
Assuming you already have one, you can use it instead of the locally stored. Also, while pairing, if usbmuxd supports it, it will store to filesystem also |
I understand the purpose. I'll repeat my suggestion: |
what do you think about 6c9cfc3? |
Great! Thanks. |
The text was updated successfully, but these errors were encountered: