sandbox???

Mike_McPherson · June 17, 2014, 10:02am

I’ve seen several references to sandbox, but not a clear definition/description of what/why
anyone have an idiot’s guide for the hard-of-clicking?
cheers

Torsten_Gaidies · June 17, 2014, 10:19am

Please have a look at
https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html

Mike_McPherson · June 17, 2014, 10:27am

aha
that makes a lot of sense
now - should I or shouldn’t I???

Torsten_Gaidies · June 17, 2014, 10:48am

You only need it,
for selling apps via the Mac App Store.

Mike_McPherson · June 17, 2014, 10:55am

aha!
no plans to go that route, so :):)

Michel_Bujardet · June 17, 2014, 11:09am

[quote=101123:@Mike McPherson]aha
that makes a lot of sense
now - should I or shouldn’t I??? :)[/quote]
You may want to sign your apps, though to avoid trouble launching it to users. But sandboxing is just mandatory for the MAS.

Mike_McPherson · June 17, 2014, 2:09pm

er ok
how do I do that?
cheers

Oliver_Osswald · June 17, 2014, 2:11pm

I’d strongly recommend to use AppWrapper and start with reading its documentation plus posts on this forum related to it.
http://www.ohanaware.com/appwrapper/

Thom_McGrath · June 17, 2014, 3:33pm

[quote=101129:@Torsten Gaidies]You only need it,
for selling apps via the Mac App Store.[/quote]
Although you only need it for the Mac App Store, the protection sandboxing offers applies equally to non-MAS apps. Just because a safety feature is mandatory by some, doesn’t mean it is useless otherwise.

I’ve said this elsewhere on the forum. Sandboxing helps to protect your users from things that you don’t know or may be out of your control. Plugins you are using, declares, or even the Xojo framework itself could have critical bugs that could allow an attacker to do evil stuff to the user’s computer. In that case, Sandboxing prevents that bug from affecting anything more than your app’s files.

Since the need for Sandboxing is based mostly around hypothetical and far-out situations, it’s easy for developers to dismiss. I recommend it for all Mac apps where possible.

Torsten_Gaidies · June 17, 2014, 4:08pm

Oh there is the schoolmaster I have missed in the forum
Just because it is a safety feature, doesn’t mean it is useful for everyone, otherwise.

Alex_von_Siebenthal · June 17, 2014, 5:01pm

[quote=101216:@Torsten Gaidies]Oh there is the schoolmaster I have missed in the forum
Just because it is a safety feature, doesn’t mean it is useful for everyone, otherwise.[/quote]

Thom is a former Xojo engineer and a widely respected participant of this forum

Torsten_Gaidies · June 17, 2014, 5:13pm

It is good to know, thanks for the info.

Eduardo_Gutierrez_de_Oliveira · June 17, 2014, 6:12pm

I wish Apple would revise some edge cases with Sandboxing, though.

For the only two Apps I make myself as a hobby (opposed to job-related) I can’t sandbox (and I’ve tried!). One requires root access both to install itself, to install a launchd script, to control config files and to start and stop. So frustrating. For the other I need the app to be able to write files next to any file in a hierarchy of files dropped onto it, but sandboxing doesn’t give me write privileges on the containing folders for the items (which I read but don’t write to).

I hate that I can’t use Sandboxing because I actually think it’s an excellent option and should be used as much as possible (that is, if your app can take it). It’s protection for the dev against weird uses and configurations and it’s protection for the users for a whole lot more reasons.