I have some basic skills in Xcode (Obj-C and Swift) and I want to write a single application for doing some administration stuff on client Macs. (For example: setting the Software Update Server ULR, switching on Remote Administration, showing network traffic etc.) What is the proper way to gain administrator privileges? I'd just like to avoid repeating password prompts. Can/should the whole application be elevated?
I prefer Swift, but cannot find a good tutorial or any up-to-date documentation. As I will be the only person to use this application, the security concerns may be different.
Related
I have a question regarding the Mac App Store. I am planning to release a software with admin privileges to achieve its core functionality, but according to Apple -
2.27 - Apps that request escalation to root privileges or use setuid
attributes will be rejected.
I must seek other ways to achieve this. I am thinking of distributing the app without the need to use root privileges, and offering users an option to download my helper app which will be distributed for free on my website. Some interprocess communication sorcery between my app and the helper seems to fit the bill. But to make things even better -
2.16: Apps that download or install additional code or resources to
add functionality or change their primary purpose will be rejected
You see, I would only need to offer a link to my website which in turn suggests users to download the helper. So my question is, is my approach to this going to elude Apple's dreadful rejection?
You should have a look at Awaken, an OS X app distributed with the App Store and that also offer the possibility to download a helper (which requires the user to authorize the elevation of privileges).
That's apparently the same situation as yours, and it was accepted on the App Store.
As someone new to developing for macs I was wondering if I could gather some advice on dealing with network proxies. Currently the software makes use of:
NSURLRequest
NSURLDownload
[NSString initWithContentsOfURL:]
WebKit / WebView
I had a little search on google and found Apple's page on CFProxySupport although I haven't looked too deeply into implementation with the above. I also see that you can configure proxies in Mac OS X's System Preferences - do the above automatically use the values set here?
Also, in terms of user interface, what is usually expected when it comes to proxies? Is it acceptable to simply require the user to set the details in the System Preferences or should I really be providing the ability to set the details separately in my own application?
Thank you.
NSURL, WebKit etc. automatically uses the appropriate proxy set in OS X's System Preferences.
On the other hand it's difficult to set the proxy which is different from that in the System preferences if you use these APIs.
For a normal app, it's expected that you don't set proxies in your app ... E.g. my dad and mom dread internet configurations. They ask me to set up the internet for them for their Mac. I don't think they're willing to set the preference separately for separate apps.
Of course if your app is a download assistant, file uploader, or maybe a completely independent browser as FireFox, you might want to implement a separate proxy setting for your app, to suit the need of the geeks and nerds like me who uses your app!
I'm in the design phase for a desktop-based application. Because of the nature of this particular application, I believe it would benefit greatly from a web-based approach (i.e., allowing a user to interface with the application through a browser running in kiosk mode) in order to leverage the simplicity of HTML/CSS/JS and the availability of many great JS interface plugins. Does taking this approach (rather than coding in a native or cross-platform graphics library) come with any gotchas?
Well, your access to the OS and other domains are going to be limited.
What about using something like Adobe AIR that lets you use HTML/CSS/JS and compile it into a proper desktop app?
Please look at http://www.terrainformatica.com/htmlayout/ - the library which was designed to create desktop GUI using html and css.
The main "gotcha" to doing a web GUI is that you are going to need to set up a web server of some kind. A gui app can be just a single executable. You allso (probably) will need some GCI coding to get information back from the user to your program. In general, it is liable to be a whole lot more work.
Balancing against that is the fact that any user networked to your webserver anywhere in the world using the OS and browser of their choice should be able to operate your program.
Ill keep this short and simple. I need to find out the steps that I would have to take in order to administer IIS on a windows box using Ruby. The main thing I am trying to achieve is setting an existing websites home directory to a different folder.
I am not a ruby user, so I am not sure of its power. The basics are that IIS provides a lot of interfaces for administration,
ADSI,
WMI,
Native interface via a few C headers or COM
.NET API (provided in IIS 7)
So if ruby can be used to manipulate those interfaces, you can achieve your goal of administration.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9041b0a5-c314-46d9-8f56-01506687f357.mspx?mfr=true
http://learn.iis.net/page.aspx/173/overview-of-mwa--mwm-for-iis-7/
http://mvolo.com/blogs/serverside/archive/2007/07/12/Creating-IIS7-sites_2C00_-applications_2C00_-and-virtual-directories.aspx
We are developing a web-based point-of-sale application, which, while it mostly runs in a browser, also requires integration with hardware devices such as credit card readers. In order to provide hardware integration, we have implemented several simple ActiveX controls in C++ using ATL.
We are not experienced Windows developers, and are having difficulty understanding the installation process and security model for ActiveX controls. Obviously, this is a prerequisite to our users actually being able to run our application. :)
We are trying to determine what are the finest-grained and most restrictive set of permissions required for a typical unprivileged user (non-admin, non-power user) to install and update a particular ActiveX control (as opposed to any ActiveX control) from a signed .cab file served over HTTP as part of a web application. We need to know this for XP (SP2+) & IE6, as well as for more recent OS/browser combinations. We want this information so we can help our IT staff properly configure the machines on which the software will run.
We have done quite a lot of digging on the internet, and have not been able to find adequate documentation. We have also talked with some folks at Microsoft, who also could not provide us with the information we need.
Using the Sysinternals process monitor and some trial and error, we have been able to determine that the following registry permissions are sufficient to enable an unprivileged user to be prompted to install an ActiveX control on XP SP2 / IE6 (i.e. the user will see a the yellow bar at the top of IE saying "This site wants to install some software"):
HKLM\Software\Microsoft\Tracing (key only, create subkey permission)
HKLM\Software\Microsoft\Code Store Database (key only, create subkey permission)
The process of actually installing the control is much more complicated, and we haven't made much progress in sorting it out, beyond a general awareness that the user will need to write to C:\windows\downloaded program files\ and HKLM\Software\Microsoft\Code Store Database\Distribution Units\{guid}
(We are investigating the capability of Vista and Windows 7 to install ActiveX controls as an unprivileged user, but we need to support XP as well. We are also considering adopting AIR 2 as our platform, which provides native code integration, but that also doesn't address our immediate needs.)
It has been many, many, moons since I've had to be concerned with developing ActiveX controls embedded in a web page for a commercial product.
Kudo's to you and your team for doing
things the right way. I've seen too
many commercial, web based,
applications force enterprises to
lower the security requirements of
Internet Explorer because they
couldn't take the time to properly
package their application.
The basic premise that I remember was that you had to implement at least one specific interface, IObjectSafety, add a couple of specific component category ids during component registration, and sign your .cab with a certificate from a trusted CA such as Verisign.
Check out:
Safe Initialization and Scripting for ActiveX Controls
Packaging ActiveX Controls
Non Admin ActiveX Controls
If that doesn't work, try go get a hold of your local Microsoft Developer Evangelist to help point you in the right direction.
If you have a Microsoft Support Contract, then contact your Technical Account Manager (TAM) or Application Developer Consultant (ADC) for additional help.
Good Luck,
Z