Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Using the security framework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using the security framework

Subject: Re: Using the security framework
From: Michael Ash <email@hidden>
Date: Sat, 24 Jan 2009 21:29:24 -0500

On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson <email@hidden> wrote:
> Among other things, to be truly secure you must use a secure installation
> mechanism.  Do not write your own install tool — it can't be made secure
> without itself being installed via a secure installation mechanism.
>  Instead, use Installer.app for your installations since it's included with
> the operating system and not modifiable with normal user privileges.

I'm afraid I don't understand this advice. Could you explain what sort
of vulnerability would exist in a custom install tool that would not
exist when using Installer.app to install a custom package?

Mike
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: Using the security framework
  - From: Kyle Sluder <email@hidden>
- Re: Using the security framework
  - From: Chris Hanson <email@hidden>

References:
	>Using the security framework (From: Joe Turner <email@hidden>)
	>Re: Using the security framework (From: Chris Hanson <email@hidden>)
	>Re: Using the security framework (From: Joe Turner <email@hidden>)
	>Re: Using the security framework (From: Chris Hanson <email@hidden>)

Prev by Date: Re: NSCaledarDate's deprecation
Next by Date: Re: NSRunloop performSelector needs CFRunLoopWakeUp ?
Previous by thread: Re: Using the security framework
Next by thread: Re: Using the security framework
Index(es):
- Date
- Thread