• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Encrypting Binary Strings
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypting Binary Strings

  • Subject: Re: Encrypting Binary Strings
  • From: Ken Thomases <email@hidden>
  • Date: Wed, 30 Dec 2009 18:01:58 -0600
On Dec 30, 2009, at 5:42 PM, Mr. Gecko wrote:

> On Dec 30, 2009, at 5:33 PM, Ken Thomases wrote:
>
>> On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote:
>>>
>>> So are you saying I could use authorization service to store things with the user's authorization and get them back without the user's authentication?
>>
>> You can store a very limited, specific kind of thing: right entries in the authorization policy database.  You can then use those to govern the behavior of your program for other (non-admin) users.
>
> Basically the only thing I need to store is strings for like if safe search is enabled, or if the user can view things that has adult content.

This sounds like exactly what Authorization Services is for.

You should really read the tech note and the sample code, but here's my explanation:

You identify the areas of your app where you need to decide "is this allowed or not?"  For each independent allowable action (or set of actions), you pick a name, using reverse-DNS-style names to keep yours unique.  These names are for "rights".  Some predefined rights you may already be familiar with because they represent system privileges.  However, you may create any new rights you like just by inventing a name for them.

In your app's code, at each place where the app has to either allow or disallow an action, you attempt to obtain the right using your made-up name.  If it succeeds in obtaining the right, your app should allow the action; otherwise, disallow it.  By default, since the system doesn't know about your rights, obtaining them will require administrator privileges.

So, where's the part where a parent gets to enable actions for kids who don't have administrator privileges?  Your app does that by adding new entries in the system's policy database for your made-up rights.  To add those entries requires administrator privileges, which is why only a parent (or admin) can do it.  But the parent can add a policy giving all users from a particular group the ability to obtain any of the rights you've made up.  (The parent doesn't have to know anything about the policy database or rights or whatever.  Your app does that, but uses the parent's administrator authorization to do so.)

Regards,
Ken

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Encrypting Binary Strings (From: "Mr. Gecko" <email@hidden>)
 >Re: Encrypting Binary Strings (From: Todd Heberlein <email@hidden>)
 >Re: Encrypting Binary Strings (From: "Mr. Gecko" <email@hidden>)
 >Re: Encrypting Binary Strings (From: Ken Thomases <email@hidden>)
 >Re: Encrypting Binary Strings (From: "Mr. Gecko" <email@hidden>)
 >Re: Encrypting Binary Strings (From: Ken Thomases <email@hidden>)
 >Re: Encrypting Binary Strings (From: "Mr. Gecko" <email@hidden>)
 >Re: Encrypting Binary Strings (From: Ken Thomases <email@hidden>)
 >Re: Encrypting Binary Strings (From: "Mr. Gecko" <email@hidden>)

  • Prev by Date: Re: AddressBook ABMultiValue -labelAtIndex:
  • Next by Date: Re: testing email code in the simulator (MFMailComposeViewControllerDelegate)
  • Previous by thread: Re: Encrypting Binary Strings
  • Next by thread: Re: Encrypting Binary Strings
  • Index(es):
    • Date
    • Thread