New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Switcher Hangout The place for switchers to discuss their new machines, and how to work with OS X. General support can be had here for newbie stuff, like "How do I restart my new iMac?" :)

Is there a way to disable the incessant password requirement?


Post Reply New Thread Subscribe

 
Thread Tools
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,991
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by Thor-HoG View Post
For instance, FireFox is not sandboxed. If you asked me, that's crap as any browser should be required to run in a sandbox, but oh well.. Safari doesn't either :/
Why? I think you might be overestimating the capabilities of sandboxing. It's not bullet proof (in fact it can be easily circumvented as it was in 2011 and 2012) and by no means offers protection against catastrophic failure. A more effective solution, and one that all browsers have now done, is process and plugin isolation.

Quote:
Originally Posted by chas_m View Post
Developers don't really have much choice in the matter.
They certainly do and Apple can be thanked for this. Since Apple limits the types of applications that can be put on the MAS and makes you pay to get a signed certificate, there will always be a glut of applications that require the "anywhere" permission. Although I don't represent the majority of independent developers, the software I make won't be going on the MAS nor will I pay Apple the $99 to gain the privilege of attaining a certificate.

This is nothing against Apple (until they remove the "anywhere" option) but rather to suggest that there will always be a group of people, and I'd say of a significant size, that need to install and run unsigned non-MAS software.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
Thor-HoG

 
Member Since: Mar 12, 2013
Posts: 6
Thor-HoG is on a distinguished road

Thor-HoG is offline
Quote:
Originally Posted by chas_m View Post
But sandboxing shouldn't be mistaken from the kind of protection setting it to "only allow installs of apps from the Mac App Store or signed Apple developers" does.
I don't understand. The only reason selecting "App Store and Apple" has any value at all is because App Store apps must have an Apple code-singing certificate. The only reason the code-signing cert distinction has value is because App Store devs must implement sandboxing in their apps. Interestingly enough, Apple's apps don't have to be sandboxed at all.

That's the only reason the "App Store and Apple" setting, as opposed to "Anywhere" has any value.

So my question is, what other security benefit do you think one gets by not selecting "Anywhere"?

t
QUOTE Thanks
Thor-HoG

 
Member Since: Mar 12, 2013
Posts: 6
Thor-HoG is on a distinguished road

Thor-HoG is offline
Quote:
Originally Posted by vansmith View Post
Why? I think you might be overestimating the capabilities of sandboxing. It's not bullet proof (in fact it can be easily circumvented as it was in 2011 and 2012) and by no means offers protection against catastrophic failure. A more effective solution, and one that all browsers have now done, is process and plugin isolation.
I never suggested it was "bulletproof." Nothing is, and I never expect it to be. Regarding Firefox (and others) plug-in sandboxing, that's all and good. Security in depth is the best way to do. However, I disagree that is it "more effective" than sandboxing. An hierarchical "sandboxing" as FF does with plug-ins works well when the plug-in is behaving well, and when the OS has been written to properly handle *any* possible breach. Sandboxing on the other hand, requires that the sandboxed app itself explicitly identifies only the required access to the sandbox engine in code. This gives you *two* layers of protection. An attack against the app will have to bypass the apps explicit code, and then it will have to bypass the wrapping sandbox.

Further, there are any number of attack vectors via browser exploits. I say again, ALL browsers should be written to sandbox requirements if they want to be responsible for security. Plug-in isolation would only apply to a plug-in, not to the million other vectors out there.

t
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,019
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is online now
Quote:
Originally Posted by vansmith View Post
They certainly do and Apple can be thanked for this. Since Apple limits the types of applications that can be put on the MAS and makes you pay to get a signed certificate, there will always be a glut of applications that require the "anywhere" permission.
True, but I think you're overestimating the number of people who will ever change the default settings on the security of ML going forward. Even I don't -- I will turn it off *temporarily* to download a specific thing I know I need, but then put it back on again. I like to think I'm not very gullible but I can envision some social engineering of the right sort tricking me someday.

Quote:
Although I don't represent the majority of independent developers, the software I make won't be going on the MAS nor will I pay Apple the $99 to gain the privilege of attaining a certificate.
My dev years are long behind me (until I get a killer idea I guess) but I always felt that the cost of being a registered Apple Developer was modest compared to the money you were likely to make off their infrastructure (not to mention deductible). If you're not making money on said software you have a point but if you are I think "giving back" a bit is a good idea.

Let me be clear about this: I'm referring to the membership in the Dev program, NOT having to sell from the MAS store, your point about that is well-taken.

Quote:
This is nothing against Apple (until they remove the "anywhere" option) but rather to suggest that there will always be a group of people, and I'd say of a significant size, that need to install and run unsigned non-MAS software.
Not of significant size IMO (at least compared to the number of people who do not need to ever run unsigned software), but yes there will always be some.
QUOTE Thanks

Post Reply New Thread Subscribe


« Best software to remove duplicate files and pictures | WinRAR for mac »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
How do i get rid of ALL passwords? MacForever OS X - Operating System 7 02-17-2013 11:24 AM
I need to end password requirement to print lesnorvell Switcher Hangout 5 02-04-2011 09:23 PM
Password Problem zer0cach3 OS X - Operating System 0 01-02-2006 10:26 PM
Screen saver password problem Biturbo V12 AMG Apple Notebooks 2 12-29-2005 05:10 AM

All times are GMT -4. The time now is 05:42 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?