
Add a Telnet server to your iOS app for field debugging and logging - swisspol
https://github.com/swisspol/GCDTelnetServer#
======
cbd1984
Because it looks like this actually is _telnet_ as opposed to ssh, let's make
one thing clear:

In telnet, everything is sent unencrypted. Even passwords. Especially
passwords. Telnet does not encrypt passwords. Passwords are sent in the clear.
Anyone snooping your traffic could read all of your passwords if you send them
over a telnet session.

I hope that was just enough verbiage to make certain at least one person gets
the message.

~~~
swisspol
Yes this is Telnet, not SSH and you certainly wouldn't want to ship it enabled
by default: it should be enabled on Debug builds only or have some explicit
switch for testers, etc...

The primary use of this library is for development and field debugging and for
that it can be very valuable: you can connect to your app (while it's running
of course) from pretty much any computer. There are also some use cases in
production that expose no security risks (apps are sandboxed after all and far
from every app deals with password or sensitive data).

~~~
tough-crowd
To quote Dr. Ian Malcolm: "Security holes find a way", I mean life.

------
thejosh
I can't wait for a massive security hole from some app using this..

~~~
swisspol
iOS apps are heavily sandboxed, have non-executable memory pages, can't even
run in the background, this library doesn't implement a shell at all, etc...
so what would be a "massive" security hole here?

Of course, it could be used poorly, like a number of other libraries (not
validating HTTPS certs anyone?), and introduce a security issue which would
only have an effect in apps that deal with sensitive data _and_ transmit said
data using this Telnet library.

IMO it's no different from running, say, an HTTP web server from an iOS app
which a number do.

------
kdbdallas
I think this is great! I am going to use this to create a debugging version of
my Mac app, for the times when I am at a loss for what is going on, I can have
the user install this version and then give me their IP address and I can have
a better way of seeing whats up. Thanks for sharing!

------
CodeWriter23
Thanks for sharing a really useful debugging tool. It's kind of funny how much
flack you are getting for posting this, when I read the subject line, I knew
it was intended only for development use.

~~~
swisspol
My pleasure! It's certainly been very _useful_ to me to have Telnet
capabilities into an iOS app, and same for coworkers I introduced this feature
to.

I think some people like to be all high and mighty about security issues and
derive pleasure from pointing out (often adamantly) what they see as flaws
while often these are expected and well understood side-effects, and in no way
"real" security issues.

------
mikek
What useful thing does this provide that the XCode debugger doesn't?

~~~
nasalgoat
It works remotely on customer's phones.

I mean, I get the utility, but it seems like a massive security hole.

