Thu 02 Feb 2006
Luca and MySQL
Category : Technology/LucaMySQL.txt
Hai Hwee's been pretty busy herself these last two weeks. She's got a Universal Binary version of her SQLite Cocoa framework, as well as one now for MySQL. With these, she's able to build a Universal Binary version of Luca Accounting, that will support both MySQL and SQLite databases.
What we're trying to do is this : the user starts off using Luca, and entering his accounting data, with the built-in SQLite database. Then when he needs a faster, more scaleable database, with multi-user, concurrent access capabilities, he can go to Luca Preferences, point Luca towards MySQL, wherever he has installed it, and give Luca the rights to create the accounting database, populating it from the SQLite database.
Hai Hwee's got the hard part done - building Universal versions of the database access frameworks, as well as an architecture that will allow us to plug in support for other databases, like PostgreSQL, when we learn how to do them.
The next thing to do is build the user interface for switching between the databases.
Posted at 8:57AM UTC | permalink
About Authorisation Services and the Security Framework
Category : Technology/securityFramework.txt
Over the long Chinese New Year weekend just past, I've also built an experimental version of MailServe that uses Authorisation Services which, together with the Keychain, is part of Cocoa's Security Framework.
I was trying to avoid having to use sudo to change things at the system level but, instead, use a shell tool that has its uid set to root to do all the privileged operations. But a setuid root tool is a dangerous thing. And that's where Authorisation Services come in - to make sure that the user is authorised to perform each privileged operation, and to authenticate that the user is who he says he is. With the Cocoa API's, you get to do all these in an orderly way.
And there are few other benefits to doing things "the right way". If the user is using a Mac that allows him to authenticate using smart cards, finger print or retinal scanning, in place of passwords, my applications will still work without my having to do a thing.
But what I was trying to do now was to avoid holding on to the user's password, which I have to do as long as I have to pass it on to sudo.
I almost got there. It turns out that the postfix command needs to be performed by a superuser. But somehow a setuid root process, which should be considered as executing with the privileges of a superuser, is not considered privileged enough by the postfix command. I still need sudo to run the postfix command in the setuid process, and there's something I'm missing here. I'm so close to getting it done. The code's a lot neater, and I may be able to kill the occasional problems I have with people's passwords not working, once and for all, since I'm using the same authentication services that you use when you log in to your system or change network settings.
Posted at 8:57AM UTC | permalink
MailServe Universal Binary Released
Category : Technology/MailServeUniversalReleased.txt
Here's a first Universal Binary version of MailServe (version 2.0.6). Nothing else has changed (besides fixing the user interface bug for the Mailbox Size Limit field, which didn't get anchored properly during resize). If you're using it on an Intel Mac, please let me know how it went for you.
I've left the previous PowerPC-only version (2.0.5) available for download, just in case.
Posted at 3:09AM UTC | permalink