Re: Suggestions for handling old document files with file paths in a sandbox environment
On 3 Oct 2012, at 16:15, Marshall Houskeeper mhouskee...@media100.com wrote: Our document file format currently stores file paths and file alias to external files. We can potentially have several thousand references to external files stored in a document. When we move to a sandbox environment, we will store Security-Scoped Bookmarks. What is the suggested method to handling old documents with with external file references in a sandbox environment? Arguably, here's what should (have) happen(ed): 1. March 2012, OS X 10.7.3 introduces security-scoped bookmarks. You update your app to start generating them 2. June 2012, sandboxing deadline for App Store. You update your app to be sandboxed at some point around then or later. Most documents already use security-scoped bookmarks. For those that don't, prompt using open panel By leaving it until now to worry about security-scoped bookmarks, you've placed yourself at a bit of a disadvantage. How are you currently storing references to external files? Bookmarks, aliases or raw paths? Ideally you'd already be storing bookmark data, so it's no change to the document format to add in security-scoped info too. Similarly, bookmark resolution can always fail because the file has been deleted or moved somewhere the system doesn't recognise. If this happens you ought to provide some sort of alert to the user, including an open panel to locate the file or its replacement. Upgrading to a security-scoped bookmark can follow the same pattern. Of course, with a large quantity of files that could become a big pain. In which case your best bet is to use the open panel to locate the *folder* containing a number of the files. That grants you access to all the other files within the folder. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On 3 Oct 2012, at 18:18, Sean McBride s...@rogue-research.com wrote: On Wed, 3 Oct 2012 11:15:48 -0400, Marshall Houskeeper said: Our document file format currently stores file paths and file alias to external files. We can potentially have several thousand references to external files stored in a document. When we move to a sandbox environment, we will store Security-Scoped Bookmarks. What is the suggested method to handling old documents with with external file references in a sandbox environment? I'm afraid the only choice seems to be: display an NSOpenPanel for each file. I wonder how Final Cut Pro will deal with this (and when it will get sandboxed.) Do file a bug, and pray. Mine's rdar://problem/10898972 if you want to dupe it. I've no idea how Apple could possibly offer a secure system for migrating documents to the sandbox though :( ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On 3 Oct 2012, at 19:48, Sean McBride s...@rogue-research.com wrote: On Wed, 3 Oct 2012 11:38:10 -0700, Quincey Morris said: If an item is in your sandbox, you don't need the bookmark at all (for security reasons, anyway). If the item is *not* in your sandbox, then you're going to have to ask the user for access -- possibly thousands of times. Which is of course ridiculous. Can you imagine Final Cut Pro or Xcode doing such a thing when opening their old documents? Notice Apple hasn't sandboxed those applications? My solution for now is: !-- Allows full access to filesystem, due to numerous difficulties with App Sandbox. rdar://11616142 -- keycom.apple.security.temporary-exception.files.absolute-path.read-write/key array string//string string/Volumes//string /array You still get some benefit from the sandbox (protection against network, USB, camera being compromised), but have full file system access. If you care about App Store (I don't), they may not allow this. They almost certainly won't allow it. A combo of pleading, explaining, and being well-established might help you out though. Ideally your entitlement would be read-only for most apps. Sadly though due to a bug you need write access to a file in order to generate a read-only security-scoped bookmark to it at present. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On 3 Oct 2012, at 21:34, Quincey Morris quinceymor...@rivergatesoftware.com wrote: On Oct 3, 2012, at 12:44 , Marshall Houskeeper mhouskee...@media100.com wrote: Our plan is to use Security-Scoped Bookmarks for all new documents to store external file references when we go to the sandbox environment. In our use case, I would guess that none of the external referenced files would be stored in our sandbox. What I'm saying is, for all *new* documents, you can't create security-scoped bookmarks unless the user has authorized each (via the open panel). Thus, even for future documents, if they contain thousands of references via bookmarks, then you would have had to get them through the open panel thousands of times. Of course, this is the worst case. If the user is actually adding (say) hundreds of files from a single folder, then presumably you'd might have the user choose the folder and create a bookmark to the folder rather than the files. But the point is that AFAIK: 1 security-scoped bookmark == 1 visit to the open panel Not strictly true. All you need to generate a security-scoped bookmark is write access to the file. This may be obtained by open/save panel, or pasteboard for the specific file. But it may also be obtained by open panel, security-scoped bookmark, or temporary entitlement for a parent directory. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On 3 Oct 2012, at 22:02, Marshall Houskeeper mhouskee...@media100.com wrote: Hi Quincey, I have no problem with the use of the open panel ( security-scoped bookmark )for creating new documents. The problem is for pre sandboxed documents or documents that come from Windows. Having the user re-authorize each external file would be very problematic and time consuming. So what's your document format here? A document that references external files that it expects to be portable between systems is a little unusual. Why not use a package-based document format? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
Hi Mike, Our products are a video/audio editor application and video effect plugins. In both cases, our file formats (data block for plugin data) can store many file references. Our files keep references to file types such as quicktime movies, audio files and text files as well as links to our program and bin files.We have been shipping products well before the introduction of security-scoped bookmarks. Our customers have very large libraries of edited shows that they often go back to edit or review. The data for these programs is often spread across multiple disk volumes. Another wrinkle to the problem: Users commonly wil move/delete and then restore to the same or another disk the audio/video/image data while changing projects. One feature that we provide that will also break under sandboxing is the ability to scan the local and network drives to relink media the has been moved or restored to a new location. Marshall On Oct 4, 2012, at 1:08 PM, Mike Abdullah wrote: On 3 Oct 2012, at 22:02, Marshall Houskeeper mhouskee...@media100.com wrote: Hi Quincey, I have no problem with the use of the open panel ( security-scoped bookmark )for creating new documents. The problem is for pre sandboxed documents or documents that come from Windows. Having the user re-authorize each external file would be very problematic and time consuming. So what's your document format here? A document that references external files that it expects to be portable between systems is a little unusual. Why not use a package-based document format? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On 4 Oct 2012, at 20:18, Marshall Houskeeper mhouskee...@media100.com wrote: Hi Mike, Our products are a video/audio editor application and video effect plugins. In both cases, our file formats (data block for plugin data) can store many file references. Our files keep references to file types such as quicktime movies, audio files and text files as well as links to our program and bin files.We have been shipping products well before the introduction of security-scoped bookmarks. Our customers have very large libraries of edited shows that they often go back to edit or review. The data for these programs is often spread across multiple disk volumes. Right, so how are you storing that reference? A raw path? I wasn't terribly clear I'm afraid: Bookmark data was introduced in OS X 10.6. It's only with 10.7.3 that you could generate security-scoped bookmarks. The two are completely compatible though; 10.6 can happily handle security-scoped bookmarks. And 10.7+ can decode the old bookmarks, just without the ability to actually access them. Another approach you could take, or perhaps do alongside the document-scoped bookmarks, is to ask the user what disks/folders they're using for the project. You can then save an application-scoped bookmark to that, granting you access forever more. Another wrinkle to the problem: Users commonly wil move/delete and then restore to the same or another disk the audio/video/image data while changing projects. One feature that we provide that will also break under sandboxing is the ability to scan the local and network drives to relink media the has been moved or restored to a new location. Well you can pop up an open panel asking to select a folder/disk to scan. That grants you access to perform the task at least. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Suggestions for handling old document files with file paths in a sandbox environment
Our document file format currently stores file paths and file alias to external files. We can potentially have several thousand references to external files stored in a document. When we move to a sandbox environment, we will store Security-Scoped Bookmarks. What is the suggested method to handling old documents with with external file references in a sandbox environment? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Wed, 3 Oct 2012 11:15:48 -0400, Marshall Houskeeper said: Our document file format currently stores file paths and file alias to external files. We can potentially have several thousand references to external files stored in a document. When we move to a sandbox environment, we will store Security-Scoped Bookmarks. What is the suggested method to handling old documents with with external file references in a sandbox environment? I'm afraid the only choice seems to be: display an NSOpenPanel for each file. I wonder how Final Cut Pro will deal with this (and when it will get sandboxed.) Do file a bug, and pray. Cheers, -- Sean McBride, B. Eng s...@rogue-research.com Rogue Researchwww.rogue-research.com Mac Software Developer Montréal, Québec, Canada ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Oct 3, 2012, at 12:18 PM, Sean McBride s...@rogue-research.com wrote: On Wed, 3 Oct 2012 11:15:48 -0400, Marshall Houskeeper said: Our document file format currently stores file paths and file alias to external files. We can potentially have several thousand references to external files stored in a document. When we move to a sandbox environment, we will store Security-Scoped Bookmarks. What is the suggested method to handling old documents with with external file references in a sandbox environment? I'm afraid the only choice seems to be: display an NSOpenPanel for each file. This may be a dumb question, as I haven't worked with the sandbox much and am somewhat ignorant of it, but is there a way to just ask for permission to open a specific file and have a Cancel or allow box come up, or is the only option to run a standard NSOpenPanel and run the risk that the user might change the file that's selected before dismissing it? If so, how does one do that? I don't see anything in the NSOpenPanel docs. Charles ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Oct 3, 2012, at 11:06 , Charles Srstka cocoa...@charlessoft.com wrote: is there a way to just ask for permission to open a specific file and have a Cancel or allow box come up You can use the 'NSOpenSavePanelDelegate' protocol to validate whatever the user chooses, or you can just validate the returned URL when the open panel is completed. There's no way to tell the panel to freeze itself on a specific file. On Oct 3, 2012, at 08:15 , Marshall Houskeeper mhouskee...@media100.com wrote: When we move to a sandbox environment, we will store Security-Scoped Bookmarks. In the absence of further information, I don't see how this plan to store bookmarks is going to work. You can only create security-scoped bookmarks to items you have access to. If an item is in your sandbox, you don't need the bookmark at all (for security reasons, anyway). If the item is *not* in your sandbox, then you're going to have to ask the user for access -- possibly thousands of times. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Wed, 3 Oct 2012 11:38:10 -0700, Quincey Morris said: If an item is in your sandbox, you don't need the bookmark at all (for security reasons, anyway). If the item is *not* in your sandbox, then you're going to have to ask the user for access -- possibly thousands of times. Which is of course ridiculous. Can you imagine Final Cut Pro or Xcode doing such a thing when opening their old documents? Notice Apple hasn't sandboxed those applications? My solution for now is: !-- Allows full access to filesystem, due to numerous difficulties with App Sandbox. rdar://11616142 -- keycom.apple.security.temporary-exception.files.absolute-path.read-write/key array string//string string/Volumes//string /array You still get some benefit from the sandbox (protection against network, USB, camera being compromised), but have full file system access. If you care about App Store (I don't), they may not allow this. Cheers, -- Sean McBride, B. Eng s...@rogue-research.com Rogue Researchwww.rogue-research.com Mac Software Developer Montréal, Québec, Canada ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Oct 3, 2012, at 1:38 PM, Quincey Morris quinceymor...@rivergatesoftware.com wrote: On Oct 3, 2012, at 11:06 , Charles Srstka cocoa...@charlessoft.com wrote: is there a way to just ask for permission to open a specific file and have a Cancel or allow box come up You can use the 'NSOpenSavePanelDelegate' protocol to validate whatever the user chooses, or you can just validate the returned URL when the open panel is completed. There's no way to tell the panel to freeze itself on a specific file. That sounds like a recipe for some really confusing UI... Charles ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
Our plan is to use Security-Scoped Bookmarks for all new documents to store external file references when we go to the sandbox environment. In our use case, I would guess that none of the external referenced files would be stored in our sandbox. The problem that I have is opening old documents that where created pre sandboxing or documents that where created on Windows and copied to the Mac with their associated external files. I would be very interested in knowing how Final Cut plans to handle similar problems. Marshall On Oct 3, 2012, at 2:38 PM, Quincey Morris wrote: On Oct 3, 2012, at 11:06 , Charles Srstka cocoa...@charlessoft.com wrote: is there a way to just ask for permission to open a specific file and have a Cancel or allow box come up You can use the 'NSOpenSavePanelDelegate' protocol to validate whatever the user chooses, or you can just validate the returned URL when the open panel is completed. There's no way to tell the panel to freeze itself on a specific file. On Oct 3, 2012, at 08:15 , Marshall Houskeeper mhouskee...@media100.com wrote: When we move to a sandbox environment, we will store Security-Scoped Bookmarks. In the absence of further information, I don't see how this plan to store bookmarks is going to work. You can only create security-scoped bookmarks to items you have access to. If an item is in your sandbox, you don't need the bookmark at all (for security reasons, anyway). If the item is *not* in your sandbox, then you're going to have to ask the user for access -- possibly thousands of times. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Oct 3, 2012, at 12:44 , Marshall Houskeeper mhouskee...@media100.com wrote: Our plan is to use Security-Scoped Bookmarks for all new documents to store external file references when we go to the sandbox environment. In our use case, I would guess that none of the external referenced files would be stored in our sandbox. What I'm saying is, for all *new* documents, you can't create security-scoped bookmarks unless the user has authorized each (via the open panel). Thus, even for future documents, if they contain thousands of references via bookmarks, then you would have had to get them through the open panel thousands of times. Of course, this is the worst case. If the user is actually adding (say) hundreds of files from a single folder, then presumably you'd might have the user choose the folder and create a bookmark to the folder rather than the files. But the point is that AFAIK: 1 security-scoped bookmark == 1 visit to the open panel Depending what your app is actually doing, this might be painful for users. In the Final Cut scenario which Sean mentioned, I'd assume there *is* a visit to the open panel for adding each asset (or asset folder) to the project. But that was true even before sandboxing entered the picture -- sandboxing doesn't really add anything new (except perhaps to force re-authorization of locations for items in existing projects, one time). ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
Hi Quincey, I have no problem with the use of the open panel ( security-scoped bookmark )for creating new documents. The problem is for pre sandboxed documents or documents that come from Windows. Having the user re-authorize each external file would be very problematic and time consuming. What I am looking for are suggestions to best handle or avoid the re-authorization of each embedded file reference. One option may be to write a non sandbox application that would take the non sandboxed document and convert the file references to security-scoped bookmarks if this is allowed. Note; I am not trying to start a sandbox flame war. Marshall On Oct 3, 2012, at 4:34 PM, Quincey Morris wrote: On Oct 3, 2012, at 12:44 , Marshall Houskeeper mhouskee...@media100.com wrote: Our plan is to use Security-Scoped Bookmarks for all new documents to store external file references when we go to the sandbox environment. In our use case, I would guess that none of the external referenced files would be stored in our sandbox. What I'm saying is, for all *new* documents, you can't create security-scoped bookmarks unless the user has authorized each (via the open panel). Thus, even for future documents, if they contain thousands of references via bookmarks, then you would have had to get them through the open panel thousands of times. Of course, this is the worst case. If the user is actually adding (say) hundreds of files from a single folder, then presumably you'd might have the user choose the folder and create a bookmark to the folder rather than the files. But the point is that AFAIK: 1 security-scoped bookmark == 1 visit to the open panel Depending what your app is actually doing, this might be painful for users. In the Final Cut scenario which Sean mentioned, I'd assume there *is* a visit to the open panel for adding each asset (or asset folder) to the project. But that was true even before sandboxing entered the picture -- sandboxing doesn't really add anything new (except perhaps to force re-authorization of locations for items in existing projects, one time). ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Suggestions for handling old document files with file paths in a sandbox environment
On Oct 3, 2012, at 14:02 , Marshall Houskeeper mhouskee...@media100.com wrote: I have no problem with the use of the open panel ( security-scoped bookmark )for creating new documents. OK, understood. The problem is for pre sandboxed documents or documents that come from Windows. Having the user re-authorize each external file would be very problematic and time consuming. Putting the two halves of what I said together, the question is how many uses of the open panel (or Windows equivalent) did it originally take to produces these older documents? Thousands? My guess is not thousands -- thousands of files may be referenced, but there were many fewer add operations involved (either because the user added a folder, or added one file which implied the locations of other files). It seems to me you'd need to reduce the thousands of files references to a much smaller number of re-constructed user-did-add operations which would, yes, have to be individually reauthorized. This would, in many case, mean you were creating bookmarks for enclosing folders rather than files. What I am looking for are suggestions to best handle or avoid the re-authorization of each embedded file reference. One option may be to write a non sandbox application that would take the non sandboxed document and convert the file references to security-scoped bookmarks if this is allowed. I don't believe it's possible. If it were, sandbox security could easily be bypassed by malicious software. If there's no practical way to reduce the re-authorizations to a manageable number, then I think you must follow Sean's suggestion of getting a temporary entitlement for your app that allows it to read anywhere in the file system, using the need for compatibility with older documents as your reason. You *might* in this case be able to convert older documents to use security-scoped bookmarks, under the aegis of the temporary entitlement, but I admit I don't know whether there are constraints on bookmarks in this case. (It also means your users will need to convert their old documents before the temporary entitlement is deprecated sometime in the future, as I'm sure it will eventually be.) ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
