Begin forwarded message:
From: David Delmonte <ddelmo...@mac.com> Subject: Re: Can I Hide / Show an NSTextField / NSSecureTextField in Cocoa? Date: February 9, 2014 at 9:52:41 AM EST To: SevenBits <sevenbitst...@gmail.com> Maybe I'm misunderstanding what I need to do. Essentially, I want the user to type an admin password before showing their app password. If I cant do this and get my app approved, I will think of something different. If I can do this, I'd appreciate ideas as to how to do it. Thanks! Apple's MAS review guidelines state that apps that attempt to elevate permissions to root (ergo, apps that use the Authentication API) will be rejected. So it's a safe bet to assume that it won't be accepted. > > On Feb 8, 2014, at 7:26 PM, Jens Alfke <j...@mooseyard.com <javascript:;>> > wrote: > > > On Feb 8, 2014, at 2:51 PM, David Delmonte <ddelmo...@mac.com<javascript:;>> > wrote: > >> Yep, I'm implementing "EvenBetterAuthorizationSample" code now. Does > make me sad to have to do this. I help older people use technology. They > are always forgetting their passwords. Just trying to help.. > > The best way to do this would be to write a friendlier app similar to > Keychain Access. I use that app all the time to look up passwords, but it > takes a number of steps to do so and it's not terribly intuitive. > > Browsers are pretty good about adding passwords to the Keychain. At least > Safari and Chrome are; I think Firefox might have its own password store > (boo). They're not always as good about filling in passwords for you again > afterwards, although Safari 7 has gotten better. So it's sometimes > necessary to look them up from the Keychain. > > Writing an app that will store passwords in some other way is a bad idea. > It's pretty much guaranteed to be less secure than the Keychain, which has > some kernel-level support for helping keep its storage secure. The Keychain > also has other advantages like syncing to iCloud and to iOS devices, in a > fairly secure way. > > (Sorry if I sound heavy-handed; nothing personal. I've been coding with a > security-conscious mindset for quite a while now, and it sticks with you. > Security is becoming increasingly important, and all developers whose code > ever touches things like passwords should be following good practices.) > > --Jens > > _______________________________________________ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com <javascript:;>) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/sevenbitstech%40gmail.com > > This email sent to sevenbitst...@gmail.com <javascript:;> _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/ddelmonte%40mac.com This email sent to ddelmo...@mac.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/ddelmonte%40mac.com This email sent to ddelmo...@mac.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
