I have an app that needs access to this file: ~/Library/Preferences/ByHost/.GlobalPreferences.BFF8417E-284A-5C97-B9A8-FB91B9DA7642.plist
My app works perfectly fine without the sandbox enabled but when it is enabled it prevents access to this file as I can see in console. How can I let my app have access to this file while sandbox is enabled? Please HELP!
Thanks in advance
In practical terms, you can't. That file contains some sensitive system settings, and is not accessible to sandboxed applications.
You could try adding a temporary exception entitlement to give your application access to that file, but Apple will not approve an application with such an entitlement for store distribution. (Particularly because that file name is only correct for your computer! The UUID in the filename is different for every machine.)
Related
I have been doing some basic application access and privilege management.
And to fully understand the access permissions of UWP applications, I decided to create one on my own and check.
As given in MSDN, the app was able to access the files mentioned here.
Now, I know that UWPs run in a sandboxed environment and they aren't given full access to all files in the system.
But is there any way for the admin user to grant the application rights to access files in the drive, for instance, the system32 file or a random text file that the user saved in C drive?
Yes, your app can declare the "broadFileSystemAccess" capability and then it can access all files in the system that the user has access to, given the user provides consent to this capability.
See documentation here:
https://learn.microsoft.com/en-us/windows/uwp/files/file-access-permissions
I have a computer that is used for getting database information from the server in the same domain, and this computer is used by employees who don't have the server admin information.
When the computer restarts, I'd like it to automatically log in to Windows Server so that it can access the database files. Is it possible to write a script for this that runs on boot?
Thanks in advance
I solved this by adding the credentials to the Credentials Manager in Windows, along with disabling the Windows Server dashboard program. This makes Windows automatically log in to the server with the stored credentials on boot.
Since your question really isn't specific, I'd like to suggest two ways of accomplishing your goal.
Since you'd like to access database information, why not use some kind of database management software (like SSMS if you're using MSSQL) and set up proper permissions for the user/computer that will need to obtain information from that particular server/database.
If you need access to raw files (which doesn't make much sense in case of MSSQL for accessing purposes), why not set up proper permissions on the file or parent folder, giving the user that is logged to the client PC proper permissions to access the files that are of interest.
I have application to which i'm trying to add widget too.
I wonder where should i put files which i want to use between application and the widget (sql lite database for core data).
Currently app data is inside:
~/Library/Application Support/my.app/
And widget data is inside:
~/Library/Application Support/my.app.widget/
Sandboxing is on on both (as it's required).
I wold like the sql file to be accessible from both app and the widget.
According to "The Application Group Container Directory" section of Apple's App Sandbox Design Guide:
an application can use the com.apple.security.application-groups
entitlement to request access to a shared container that is common to
multiple applications produced by the same development team. This
container is intended for content that is not user-facing, such as
shared caches or databases.
What this means is that you can obtain the path to your application group containers by using the "containerURLForSecurityApplicationGroupIdentifier" method of NSFileManager to get the path to your application & widget's shared data folder.
I need to create a temporary folder that will be accessed from the application only.
It means that even current user and system administrator are not able to open it from the Explorer.
While application is running, there'll be some files put into it. Once it's terminated, folder and all its content are deleted (again programmatically, no manual delete ability).
P.S. I found few posts here but there are no proper solution given yet.
Thanks in advance.
Windows security does not work that way. You cannot restrict access by application, only by user. If you want only your app to have access to a given resource then you have to create a new user account, configure the resource to grant access to only that user, and then run your app using that user, or at least have your app impersonate that user when needed. Files/folders are securable objects, and Windows security is based on user accounts.
I want to try AppHarbor, but I have an application which stores uploaded files in certain place on a filesystem. Is it compatible with AppHarbor? Can I store files in the file system and access them later?
(what kind of path can I expect, like c:\blabla something or what?)
Thank you.
You can store files on the local filesystem, but the application directory is wiped on each new deployment so it's not recommended to rely on for file storage.
Instead we recommend that you use a cloud storage service such as Amazon S3, Google Cloud Storage or similar. There are .NET libraries for both services.
We recently wrote a blog post about uploading files directly to S3 and GCS from the browser that you might want to read.
If you are using a background worker, you need to 'Enable File System Write Access' in the settings of you application.
Then, you are permitted access to write to: Path.GetTempPath()
Sourced from this support question: http://support.appharbor.com/discussions/problems/5868-create-directory-in-background-worker