On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote: > On Dec 30, 2009, at 5:06 PM, Ken Thomases wrote: > >> On Dec 30, 2009, at 3:56 PM, Mr. Gecko wrote: >> >>> I am using Apple's SFAuthorizationView to find out if the user is an >>> administrator. If they are an admin, I allow them to modify the settings, >>> when they save I am saving the settings in AES with 2 keys, 1 randomly >>> generated and saved in AES encrypted by the first key and the other in the >>> binary. Although nobody has cracked it yet, I can't have the first key in >>> the open. >> >> The question is: is the AES encryption stuff central to what you're trying >> to achieve, or is it just your way of enforcing the parental controls? >> >> If it's the latter, then you may be able to ditch the encryption scheme >> entirely and use Authorization Services to replace it as the means for >> implementing parental controls. Authorization Services is not _just_ about >> proving that a user is an administrator or acquiring system privileges. You >> can also use it to make a self-restricted app, like one which implements >> parental control. > > So are you saying I could use authorization service to store things with the > user's authorization and get them back without the user's authentication?
You can store a very limited, specific kind of thing: right entries in the authorization policy database. You can then use those to govern the behavior of your program for other (non-admin) users. > Basically my means of AES is to prevent the user from changing the settings > without the application and being an administrator. Again, it's not clear to me if the settings in question are _just_ the parentally-controlled policies of who can do what within your software or if it's something else. If you're just looking for a means to let a parent configure access settings that control what kids can do with your software, then Authorization Services can work for that. Another interpretation of what you just said is that you just want to store some data when the parent is running your app but, when a kid is running it, to have them be able to read but not modify that data. If that's all you want, then you can use administrator privileges to write a file that has everyone-read, only-admin-write permissions. I don't see why you'd need encryption for that. Frankly, the authopen tool should suffice. > If so, is there an example app I can look into and figure it out? http://developer.apple.com/Mac/library/samplecode/AuthForAll/index.html Regards, Ken _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
