Re: C string constant->NSString constant without defining twice?
- Subject: Re: C string constant->NSString constant without defining twice?
- From: Greg Parker <email@hidden>
- Date: Tue, 28 Apr 2009 11:52:13 -0700
On Apr 28, 2009, at 9:39 AM, Graham Lee wrote:
> On 28/04/2009 16:51, "Stephen J. Butler" <email@hidden> wrote:
>> On Tue, Apr 28, 2009 at 10:18 AM, Erik Buck <email@hidden> wrote:
>>> Don't hard code paths! Use NSHomeDirectory() or NSTemporaryDirectory() or
>>> NSSearchPathForDirectoriesInDomains().
>>
>> Not only that, but hardcoding filenames in tmp directories is
>> generally considered a security bug. You should be using mktemp or one
>> of its ilk. Not sure if there's a Cocoa API for that.
>
> It's not only a security bug but a buggy bug. If you see what I mean :-).
> What happens if two users are fast-user-switching on the same box? Both apps
> are using the same temporary data...

The preferred solution is NSTemporaryDirectory(). As of Leopard it
returns a local access-controlled per-user directory. This avoids
security holes and user collisions. Recommended practice is to create
a subdirectory there named after your bundle identifier (i.e.
com.yourcompany.yourapp), in order to avoid collisions with other apps
and frameworks.
In Tiger and earlier, NSTemporaryDirectory() returns "/tmp". You'll
still need all of the traditional safety and security checks there.
--
Greg Parker email@hidden Runtime Wrangler
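
The advice in this message (a per-application subdirectory, plus the traditional checks when the temporary directory is a shared one such as /tmp), sketched in C as an added example that is not part of the original post. The function names, the `scratch.XXXXXX` template and the `TMPDIR` fallback are assumptions; the base directory stands in for whatever NSTemporaryDirectory() returns.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create (or reuse) base/bundle_id as a private directory. Returns 0 on
 * success, -1 if the name is a symlink or not a directory, is owned by
 * another user, or grants any access to group/other. */
int private_subdir(const char *base, const char *bundle_id, char *out, size_t n)
{
    struct stat st;
    int r = snprintf(out, n, "%s/%s", base, bundle_id);
    if (r < 0 || (size_t)r >= n) return -1;
    if (mkdir(out, 0700) != 0 && errno != EEXIST) return -1;
    /* lstat, not stat: a symlink planted at this name must not be followed. */
    if (lstat(out, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != geteuid()) return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1;
    return 0;
}

/* Create a uniquely named file inside dir. mkstemp() picks the name and
 * opens it exclusively, so an existing file or link is never reused. */
int private_tempfile(const char *dir, char *path, size_t n)
{
    int r = snprintf(path, n, "%s/scratch.XXXXXX", dir);
    if (r < 0 || (size_t)r >= n) return -1;
    return mkstemp(path);
}

int main(void)
{
    char dir[1024], file[1100];
    const char *base = getenv("TMPDIR");   /* assumption: stand-in base */
    if (!base) base = "/tmp";
    if (private_subdir(base, "com.yourcompany.yourapp", dir, sizeof dir) != 0) {
        fprintf(stderr, "refusing to use %s\n", dir);
        return 1;
    }
    int fd = private_tempfile(dir, file, sizeof file);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s\n", file);
    close(fd);
    unlink(file);
    return 0;
}
```
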