出自UXGuide.net

安全

Security

Mac OS X provides numerous technologies to help you perform secure operations. Using these technologies, you can store secret information locally, authorize a user for specific operations, or transport information securely across a network.

Mac OS X提供大量的技术来帮助您进行安全的操作。依赖于这些技术，您可以在本地保存隐秘的信息，可以针对特定的操作对用户进行授权，或者在网络上安全的传输信息。

Consider the following guidelines when you need to work with sensitive information or work in a secure environment:

当您需要工作在一个安全的环境中或者和一些敏感的信息打交道时，考虑如下准则：

• Factor out code that requires privileged access into a separate process. Factoring isolates the secure code from the nonsecure code and makes it easier to verify that no rogue operations are occurring that could do damage, whether intentionally or unintentionally.

将需要权限访问的代码剥离 到单独的进程中，这样可以将安全的代码和不安全的代码分离，从而可以轻松的验证有没有可能造成损坏的非法操作，无论是故意的还是无意的。

• Avoid storing passwords and secrets in plain-text files. Even if you restrict access to the file using file permissions, the information is much safer in a keychain.

避免将密码和私密信息保存在纯文本中，即使您已经严格限制了文件的访问权限。保存在Keychain中更为安全。

• Avoid inventing your own authentication schemes. If you want a client-server operation to be secure, use the authorization APIs to guarantee the identity of the client.

避免实现您自己的认证方案。如果您希望客户端和服务器的操作是安全的，您可以采用授权API来标识客户端。

• Avoid loading plug-ins from privileged code. Plug-ins receive the same privileges as the parent process.

避免在具有权限的代码中加载插件。插件会继承父进程的权限。

• Avoid calling potentially dangerous functions, such as system or popen, from privileged code.

避免在具有权限的代码中调用可能有潜在危险的函数，如system或者popen等。

• Don’t assume only one user is logged in. With fast user switching, multiple users may be active on the same system. See Multiple User Environments for more information.

不要假设只有一个用户已经登录。通过快速用户切换，同一个系统中可能会有多个用户同时是活动的。更多信息请参考多用户环境。

• Don’t assume that keychains are always stored as files.

不要假设Keychain是以文件存储的。

• Avoid relying solely on passwords for authentication. Mac OS X already supports smart card devices. Biometric devices such as fingerprint scanners may also be available some day.

避免仅依赖于密码来进行认证。Mac OS X已经支持智能卡设备。生物测量设备如指纹仪等也即将支持。

If your application stores passwords or other sensitive information, such as credit card numbers, store that information using Keychain Services. The keychain mechanism in Mac OS X provides the following benefits:

如果您的程序需要保存密码或其他敏感信息，如信用卡号码等，请使用Keychain服务。Mac OS X中的Keychain机制提供了如下好处：

• It provides a secure, predictable, consistent experience for users when dealing with passwords and other secret information.

用户需要处理密码或者其他私密信息时，Keychain提供了安全的，可预期的，以及一致的用户体验。

• Users can modify settings for all of the passwords as a group or create separate keychains for different activities, with each keychain having its own activation settings. (By default, passwords are modified as a group.)

用户可以通过组操作来更改所有的密码设置，或者针对不同的活动创建单独的Keychain，每个Keychain都有单独的活动设置。（密码默认的是按组来操作。）

• The Keychain Access application provides a simple user interface for managing keychains and their settings, relieving you of this task.

Keychain Access程序已经提供了管理Keychain及其设置的简单的用户接口，无需您单独实现。

For information and links to security-related documentation in Mac OS X, see Getting Started With Security.

关于Mac OS X中安全相关的文档的更多信息，请参考安全初步。