SQLite + Sandboxing Question

Hello all.

I am exploring the use of a SQLite db in my MAS app. I was wondering if it is as easy as setting the DB file in the folder location of an approved Sandboxed read/write folder? I know SQLite uses temporary journaling files, but I am unclear if SQLite uses your specified DB folder path for those as well? Any advice is appreciated.

Thank you in advance

Yes, all files are kept next to the main database. And since you have complete access to, for example, your own Application Support folder, you can read/write to your heart’s content.

If you want to keep the db elsewhere, say in Documents, you will have to use a mechanism to gain and keep the user’s permission.

Sweet! Thanks Kem!! :slight_smile:

Meanwhile, your non-sandboxed version can read/write everywhere, which is why I find sandboxing a useless inconvenience. Much like the TSA, it’s security theater.

Yeah its a pain for sure. :slight_smile:

But it keeps you buzzword compliant and that’s the most important thing, right?

:slight_smile: Absolutely! Another buzzword for the business cards :slight_smile: Along with users not having to see that ghastly message about “Are you sure you want to open this app since it will most likely crush your Mac!” :slight_smile: or something like that :slight_smile:

Mike, weren’t you at my sandboxing talk?

I was but I couldnt remember the SQLite piece of that. Your talk and Sam Rowlands helped my first app get approved this week! :slight_smile:

Wasn’t what I was referring to. I was referring to the part where I explained the benefits of sandboxing. :stuck_out_tongue:

Yes I understand those, but it appears my humor wasn’t too smooth :slight_smile:

Thom I am also a network security guys also and I appreciate all of the security advantages sandboxing provides. Your topic was very good understanding those benefits.

I’m not offended by any means. I just found it awkward that two people who were sitting in my talk are going back and forth about sandboxing being nothing more than a buzzword. That’s all.

Kem and Tim were joking with me :slight_smile:

I wasn’t there for your session, and I was quite serious. Sandboxing in a controlled environment like iOS is useful and desirable. Not so much in a free environment like OS X.

Always open to hearing why I’m wrong, of course. But right now it’s like claiming a plane is secure even though half the passengers boarded straight from the parking lot. The passengers who got groped by TSA are saying, “I wasn’t going to hijack the thing anyway.”

Yeah, I couldn’t remember if you were there or not.

Sandboxing protects your users from what you do not know or may not be able to control. For example, if Xojo’s framework has an exploitable bug, that means your app has such a bug. Sandboxing limits the damage such a bug could do to a user’s system to only the files your app owns. Same could be said for any plugins for frameworks you include.

Christian wrote: “Sandbox is for MAS only”.

If I decide to stick to this viewpoint, then I probably will continue to write non-sandboxed software in the way I used to do for years. Then I may not be prepared for the near future.

However, if I look ahead, then I will try to get acquainted with all the does and don’ts related to sandboxed software.

I can see how non-enterprise customers, the huge number of home-users and self-employeed persons, tend to use more and more simple software and devices, like tablets. I believe that desktop software will evolve towards the same simplicity and towards similar behavior (aka sandbox) as tablet software.

So I wouldn’t count on sandbox being for MAS only.

My main software product is a customizable seminar management system, with screenlayout- and database editor, which can connect to various database engines. Via AppleScript it can talk to MS Office and more. I made it run in a sandbox, even so I have no plans yet to make it available in MAS.

But I simply don’t want to develop two versions in parallel, but I would like to develop and test as closely as possible to a potential MAS version. Just to keep this door open for the future.

Plus it brings an additional level of security (buzz… :slight_smile: )