How new Mac security measures will impact AppleScript

Lex Friedman | March 2, 2012
To the average user, the two new security technologies coming to OS X this year—sandboxing and Gatekeeper—should be virtually invisible. But they could be all too visible to more advanced users, particularly those who use AppleScript and Automator.

A developer offering a sandboxed app could therefore offer a downloadable set of AppleScripts from its own website. If the user then installs those scripts in the proper location, those scripts can be freely run by the user within the app, with no special entitlements needed. That’s because the user needed to intentionally install those scripts and then to trigger their execution. Because Apple considers the user the ultimate authority over his or her own Mac, the script will be allowed to run.

Developers who worry about whether or not users will install scripts in the right place will be able to create installers that place the scripts correctly; if the user runs and authorizes the installer, that’s treated as permission to put the scripts in the right place.

Gatekeeper: We noted above that user-created AppleScripts will run without problems. Apps from other sources that use scripts, however, might trigger a Gatekeeper warning: If they are distributed online without an Apple-approved developer signature, then Gatekeeper will alert the user to the issue.

Developers hoping to avoid run-ins with Gatekeeper for their app-based scripts will be able to do so, thanks to a new archive format offered with Mountain Lion called XIP. While applications and droplets can’t be signed directly, XIP archives can be. By enclosing scripts (or custom Automator actions) within XIP archives, then, developers can sign the actions and distribute them without raising Gatekeeper’s ire.

 
