In the plist we need to mention the URL which is accessible public. Is it possible to keep that out of web root so that no one can hit that path using web browser. This means I want to keep .ipa not accessible through a web URL.
Asked
Active
Viewed 245 times
1 Answers
1
That's not possible, unless you do something like have the URL point to a script which goes off and reads from the IPA outside the web root and then spits it out. But that would still mean people could access it.
Basically, if you expect an iOS device to be able to access the file, then anyone can just inspect the plist and get the URL and download the IPA directly. Remember though, they can't really do much with it. Why don't you just block access to the plist file to only authorised people?
mattjgalloway
- 34,792
- 12
- 100
- 110
-
"hide the plist" may be defense but not a solution. – Varun Apr 25 '12 at 13:45
-
But the point is, your iPhone has to be able to download the file, so anyone can just read that plist and extract the URL and hit it themselves. Unless you lock by IP or something but that was outside of the scope of this question. – mattjgalloway Apr 25 '12 at 19:56