On Dec 30, 2009, at 5:42 PM, Mr. Gecko wrote:
> On Dec 30, 2009, at 5:33 PM, Ken Thomases wrote:
>
>> On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote:
>>>
>>> So are you saying I could use authorization service to store things with
>>> the user's authorization and get them back without the user's
On Dec 30, 2009, at 5:33 PM, Ken Thomases wrote:
> On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote:
>>
>> So are you saying I could use authorization service to store things with the
>> user's authorization and get them back without the user's authentication?
>
> You can store a very limited, spe
On Dec 30, 2009, at 5:33 PM, Ken Thomases wrote:
> On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote:
>>
>> So are you saying I could use authorization service to store things with the
>> user's authorization and get them back without the user's authentication?
>
> You can store a very limited, spe
On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote:
> On Dec 30, 2009, at 5:06 PM, Ken Thomases wrote:
>
>> On Dec 30, 2009, at 3:56 PM, Mr. Gecko wrote:
>>
>>> I am using Apple's SFAuthorizationView to find out if the user is an
>>> administrator. If they are an admin, I allow them to modify the set
So are you saying I could use authorization service to store things with the
user's authorization and get them back without the user's authentication? If
so, is there an example app I can look into and figure it out? Basically my
means of AES is to prevent the user from changing the settings wit
On Dec 30, 2009, at 3:56 PM, Mr. Gecko wrote:
> It's ether that you don't understand what I'm doing, or I don't understand
> that. Here is the full story.
>
> I am using Apple's SFAuthorizationView to find out if the user is an
> administrator. If they are an admin, I allow them to modify the s
Just as a word of advise.
This is a public list that's indexed by search engines. So don't
reveal anything here that you'd want to keep private.
I'm not advising security through obscurity. If you use keychains or
similar systems, knowing how it works won't help cracking anyway.
But just in c
It's ether that you don't understand what I'm doing, or I don't understand
that. Here is the full story.
I am using Apple's SFAuthorizationView to find out if the user is an
administrator. If they are an admin, I allow them to modify the settings, when
they save I am saving the settings in AES
On Dec 30, 2009, at 11:59 AM, Mr. Gecko wrote:
> This is basically for Parental Controls, I know I could ask for a password at
> first, but then any kid could grab a copy and set their own password. What
> I'm doing is I'm asking for them to authenticate with Mac OS X, and then once
> they are
A teenager could also crack your app and use the key he found to gain access.
If you want to prevent that, I guess you need to rethink the way you store
access credentials. I wonder how [Snow] Leopard Parental Controls do that.
You should also use Mac OS Keychain API and not reinvent the wheel i
But then the child/teenager, if they know about keychain they could check it
and find the key. Unless there is a way to prevent them from seeing it.
Speaking of keychain, can you recommend me a good public domain keychain
framework? I currently wrote my own and on some computers, the keychain did
You could store the generated key in a keychain. This way you wouldn't have to
ask for the password to access the encryption key.
--
Gleb Dolgich
http://pixelespressoapps.com
On 30 Dec 2009, at 18:58, Mr. Gecko wrote:
> But then how would I get the data? If the key has to do with the password,
But then how would I get the data? If the key has to do with the password, then
how can I get the parental settings and respond to them.
On Dec 30, 2009, at 12:51 PM, Gleb Dolgich wrote:
> Perhaps a better way would be to ask for a password once the user is
> authenticated, and then generate an
On 30 Dec 2009, at 17:59, Mr. Gecko wrote:
> This is basically for Parental Controls, I know I could ask for a password at
> first, but then any kid could grab a copy and set their own password. What
> I'm doing is I'm asking for them to authenticate with Mac OS X, and then once
> they are aut
Ok, I'll look up the different encodings I could do with openssl, Thanks for
the suggestion.
This is basically for Parental Controls, I know I could ask for a password at
first, but then any kid could grab a copy and set their own password. What I'm
doing is I'm asking for them to authenticate w
On 30 Dec 2009, at 17:17, Mr. Gecko wrote:
> Is it possible for me to encrypt the strings in my binary so hackers can't
> easily figure out what my application has in it? Reason I'm asking is I have
> some private keys that encodes data that I/parents don't want kids or
> teenagers to find.
I'
On Dec 30, 2009, at 9:17 AM, Mr. Gecko wrote:
> Is it possible for me to encrypt the strings in my binary so hackers can't
> easily figure out what my application has in it? Reason I'm asking is I have
> some private keys that encodes data that I/parents don't want kids or
> teenagers to find.
Of course I know that, but I saw on the iPhone how the strings are encrypted
and the only way for you to get the strings was if you used otool. Just that
and I'll be satisfied.
On Dec 30, 2009, at 11:32 AM, Tom Davie wrote:
> Simple answer: no.
>
> If your application can still read the string
Simple answer: no.
If your application can still read the strings, so can a clever person, if
by nothing else than sitting and patiently emulating a CPU with a piece of
paper and a pencil.
In order to actually secure something *you, or your recipient* have to be
involved in decrypting it, by know
19 matches
Mail list logo
