In order to make library secure, I would limit the amount of places we expose database passphrase to external environment. Since in makeStoreWithOptions:managedObjectModel:error we use options for both, os-level file attributes and a mechanism for passing a passphrase for db encryption, I suggest removing passphrase (and file path) information from attributes set on database file.
It is not security issue, since -NSFileManager:setAttributes:ofItemAtPath:error has predefined keys that can be used as file attributes and ignores other, but I find it a good practise not to expose such a critical information as passphrase, when not necessary.
In order to make library secure, I would limit the amount of places we expose database passphrase to external environment. Since in
makeStoreWithOptions:managedObjectModel:error
we useoptions
for both, os-level file attributes and a mechanism for passing a passphrase for db encryption, I suggest removing passphrase (and file path) information from attributes set on database file.It is not security issue, since
-NSFileManager:setAttributes:ofItemAtPath:error
has predefined keys that can be used as file attributes and ignores other, but I find it a good practise not to expose such a critical information as passphrase, when not necessary.