Re: Cocoa-dev Digest, Vol 2, Issue 95
Re: Cocoa-dev Digest, Vol 2, Issue 95
- Subject: Re: Cocoa-dev Digest, Vol 2, Issue 95
- From: Tim Hewett <email@hidden>
- Date: Fri, 21 Jan 2005 19:50:04 +0000
Hello,
A list exists specifically for this topic: email@hidden.
Regards,
Tim.
On 21 Jan 2005, at 16:50, email@hidden wrote:
M. Uli Kusterer wrote:
When it comes to security I'd rather rely on Apple's code that's
been used in hundreds of projects than on me myself writing bug-free
and un-exploitable code.
I just wish there was more explanation of details. For instance, from
what I've studied of MoreAuthSample, it seems that someone could
substitute a malicious template in the app bundle and thus cancel out
any security protections that the template/copy approach gains you.
Unless the user (even an admin user) knows what he/she is authorizing
(a malicious helper will appear no different than the original when
authorizing), he/she could unwittingly authorize some nasty things to
happen. I hope I'm just misunderstanding how things work that that
somebody can provide the one bit of information that clears it up for
me.
Users can use the keychain to authorize my helper once without the
hassle of having to re-enter the password every time.
How does this work in practice? How do you get Authorization Services
to check the Keychain first before prompting the user for a password?
That will even ask them to re-authorize when the app is modified.
Sounds safer to me.
Does this mean that the modification times on all of the folders in
the app bundle are checked? If so, that would take care of the
malicious template substitution problem.
There's just so much information scattered all over the place on
Apple's developer site that it's very difficult to sort everything
out.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden