{"id":253,"date":"2007-01-08T12:15:26","date_gmt":"2007-01-08T19:15:26","guid":{"rendered":"http:\/\/www.red-sweater.com\/blog\/253\/keychain-developer-tip"},"modified":"2007-01-08T12:19:12","modified_gmt":"2007-01-08T19:19:12","slug":"keychain-developer-tip","status":"publish","type":"post","link":"https:\/\/redsweater.com\/blog\/253\/keychain-developer-tip","title":{"rendered":"Keychain Developer Tip"},"content":{"rendered":"<p>First of all, if you&#8217;re dealing with any sensitive information on behalf of the user,  you&#8217;re ethically responsible for storing that information securely. Mac OS X&#8217;s deeply integrated <a href=\"http:\/\/developer.apple.com\/documentation\/MacOSX\/Conceptual\/OSX_Technology_Overview\/AppTechnology\/chapter_5_section_12.html\">Keychain Services<\/a> leaves you with no excuse for saving passwords, credit card numbers, or other sensitive information in plain-text format on the user&#8217;s disk. Access to items in the keychain is controlled by users, and when any new application asks for access, the user generally has to approve it:<\/p>\n<p>\n<img decoding=\"async\" src=\"http:\/\/www.red-sweater.com\/blog\/images\/KeyChainAccessDialog.png\"\/>\n<\/p>\n<p>\nI recently added Keychain Support to an application where the sensitive password information needs to be fetched at launch-time, every time it launches. That&#8217;s fine, but one of the important security features of Keychain Services is its ability to detect changed copies of a previously permitted application. This is to ward off abuses in case a hacker has replaced some trusted application with one that is programmed to siphon off your keychain passwords or something:\n<\/p>\n<p>\n<img decoding=\"async\" src=\"http:\/\/www.red-sweater.com\/blog\/images\/KeychainConfirmChange.png\"\/>\n<\/p>\n<p>\nUsually this dialog appears only once in a while, after updating an application to a newer version, or installing an Apple software update. 
But when you consider the product development cycle: develop -> build -> test, you can imagine how frequently an application under development will trigger this warning.\n<\/p>\n<p>\nUntil provoked by this nuisance, I didn&#8217;t know about a feature in Keychain Access that allows users to open up access to a particular key. In general this would be a pretty insecure choice, but it makes a lot of sense for development purposes:\n<\/p>\n<p>\n<img decoding=\"async\" src=\"http:\/\/www.red-sweater.com\/blog\/images\/KeychainFreeForAll.png\"\/>\n<\/p>\n<p>\nYou&#8217;ll find the option in the &#8220;Access Control&#8221; tab after double-clicking any keychain item. So for the purposes of development, test against a keychain item that doesn&#8217;t actually have any sensitive information in it, and set its access to unrestricted. Now you can rebuild and test as often as you like without being pestered by Keychain Services.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First of all, if you&#8217;re dealing with any sensitive information on behalf of the user, you&#8217;re ethically responsible for storing that information securely. Mac OS X&#8217;s deeply integrated Keychain Services leaves you with no excuse for saving passwords, credit card numbers, or other sensitive information in plain-text format on the user&#8217;s disk. 
Access to items [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,31,11,19],"tags":[],"class_list":["post-253","post","type-post","status-publish","format-standard","hentry","category-apple","category-carbon","category-cocoa","category-technology"],"_links":{"self":[{"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/posts\/253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/comments?post=253"}],"version-history":[{"count":0,"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/posts\/253\/revisions"}],"wp:attachment":[{"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/media?parent=253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/categories?post=253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/redsweater.com\/blog\/wp-json\/wp\/v2\/tags?post=253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}