You misunderstand: I DON'T want different user processes communicating with each other. I was worried that I've have to do something extraordinary to prevent this from happening, but apparently Mach ports taken care of that for me.
And opening any kind of service port creates a potential security hole between users. If Mach ports prevent users from communicating or seeing services created by other users, then that's exactly what I want.
I fully intend to use IP ports and Bonjour for intra-machine communications, but only for those services that are intra-machine.
I understand, but if you had to run your service as root to allow Mach
port connections from any user (which I previously thought based on
what you'd said) that seemed like a much higher risk than a service on
localhost running without privileges. You'd probably need an
authentication layer anyway if you're using IP for other stuff, so I
figured it would be less work than supporting two approaches.
Thankfully though, that's not the case with launchd, as you
discovered, so I think you should be fine with this approach. Just
make sure you thoroughly test and understand the Mach permission model
if you want to use it as the only basis for auth, though :)
J.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden
