Data file location and sandboxing

Hey,
I'm not very happy with the location by default in Library... Being not more able to choose this location is a bad thing for me... With the v3.8 it was possible, I don't understand this loss...
For me it's like a bug !!!

Please fix this !

Comments

  • khad
    khad
    1Password Alumni
    It is due to Apple's sandboxing guidelines which mean that 1Password only has access to files in locations that it specifically requests access to now. This increases security since it can't just read and write all over your hard drive anymore.

    As Steve Gibson put it in the most recent episode of "Security Now":


    People chafe at the sandboxing, that it's not easy to move something from one place to another. But that's also protecting us… My point is that we want power at no cost.



    A perfect example would be if the application did not need the clipboard. If it didn't use the clipboard ever, then it could enhance the security for everyone by declaring that right off the bat. When it starts up, it says "I do not use the clipboard." Then the OS could remove clipboard access rights from that process. And the beauty would be, then, that if that process ever did misbehave, if it got infected, or it was acting wrongly and tried to use the clipboard or any other feature similar which it had previously declared it had no use for, the operating system would block it, and that's a good thing.


    So it makes absolute sense for - I love what Apple's doing, that they have this notion, the notion of entitlements. So the idea would be that clipboard access would be an entitlement defined by Microsoft. The programmer could say, I either need it, I need that entitlement, or I don't. In which case the program would not be entitled to access the clipboard. And if all programs that didn't use things they didn't need declared themselves to be nonusers, security would be a lot better. So I think it's a great thing.



    His example using the clipboard is not one that applies to 1Password, but the same sort of security through only granting an allowance for what is essential to the applications functionality is at the heart of the move toward increased security through application sandboxing.

    A simple analogy is: removing the key to a car while it is running. There may be some circumstance under which this would be advantageous (though I can't think of one offhand), but the automobile manufacturers have decided instead to require that the vehicle be turned off before you remove the key. There may be one fellow somewhere who has a very compelling case for why he should be able to remove his key while the car is still running, but for overwhelming majority of folks, the limit to that functionality is actually a feature. When was the last time you wondered, "Did I leave the car running in the parking lot?" while you held your keys in your hand? My guess is never. :-)

    I'm sorry if that isn't the exact answer you were looking for, but you are free to continue to use 1Password 3.8 if the functionality to store your data file literally anywhere is essential to you. I'm not sure why you would have switched to the 3.9 builds if that is the case. :-)

    If you have any additional questions or concerns, please let me know.

    Cheers,
This discussion has been closed.