Security-Scoped Bookmarks redux

Just a bit of follow up information regarding Security-Scoped Bookmarks.

Some of you may know that I ran into several issues with SSB and decided that I wanted nothing to do with them. I’m currently working on another project that relies on SSBs and after re-reading ADF and Apple’s documents I think I have a better understanding of where I went wrong and so I want to write up my findings to help others.

Limited life span of access
The first issue I discovered was using SSBs to references to images that were used in the document. While this sounds like a great idea, the problem I encountered was a clash of technologies. For this one application I’m using Core Image to process images, Core Image is a lazy processor. So I would request access, set up my core image script and then try to draw the image. I found access was being revoked by the system before drawing had finished, so I ended up with blank pictures.

The solution is to bring the images into a place whereby I don’t need to request access to them.

Bookmarks calling bookmarks
The second issue, is that I was using SSBs to store references to recent items, (this also causes other issues), but I needed access to read the file data, which then contained SSBs, and I’d then also need access to read these files. From what I can understand on the ADF, this is a bad thing to do.

The solution is to use NSDocumentController to maintain the recent item menu, it automatically retains access to the files in the list for you. Then if you use SSBs within the document file to access resources, it doesn’t seem to fail so much.

SSBs open the file when the bookmark is being created
It took me a while to realize this, but every time a SSB is created it opens the file that it’s referencing. This causes the modification date to be changed and hence why Time Machine was backing up all the files in my recent items list every time the application was run (even though my application didn’t actually open these files).

The solution is to avoid doing anything with the SSB until you actually need to access the file.

Don’t use SSBs to store references to items within your application bundle
While this doesn’t appear to cause any issues with access, it will get your application rejected from the Mac App Store due to the nature of SSBs opening files when SSBs are created.

The solution is to either use a file path or your own reference mechanism allowing the app to rebuild the path to the file in the resources folder.

10.7 ~ 10.7.3 Users can’t use any bookmarks
If you do use SSBs to store references to files, they work on 10.6, but not on 10.7 ~ 10.7.3 so it will break your application on the earlier versions of 10.7.

Either find another Sandbox safe solution or add a msgbox encouraging users of 10.7 ~ 10.7.3 to upgrade to 10.7.5

I appreciate your posting this. You have convinced me to avoid SSBs for now. :slight_smile:

I’m not sure SSBs should be completely avoided as they’re the way you’re supposed to be dealing with most of these things. Yes, they have limitations, but part of the problem is simply that you’re not using NSDocument when you probably should be.

For simple things there are other solutions, for instance using NSDocumentController to manage the recent items menu. It automagically saves and restores access.

I do have some second generation SSB code that it working quite well in an app I’m working on right now, so if you really need to use SSBs then, feel free to ask.

If you’re going to make it freely available, why not submit it to MacOSLib?

Perhaps a Readers Digest version of “What a Security Scoped Bookmark is, and why you might care?”

Bah, Apple Support told me to use them so now I’m taking the plunge.

I’d never thought of doing that.

I’ll be doing an article in a future xDev magazine as I’ll be covering Sandboxing soon. The long and the short of it is, SSBs are a dirty kludge, that have many constraints which can lead to your application being dead and useless until the container is deleted…

Ergh… I feel for you man…

While I agree that switching to a document based framework can help for many document based application, I managed to cobble together an incomplete solution (App Wrapper mini uses it), it does require the MBS plugin and a complete re-write and re-design of existing applications.

I just want to add that I’m totally biased, because of the pain and suffering that we’ve had to endure in trying to implement SSBs, and even when they work on our machines, we’ve found situations where they didn’t for our customers and this then left our customers unable to use our application and incurred negative reviews on the Mac App Store!