On 14 Sep 2015, at 19:06, Nick <eveningn...@gmail.com> wrote:

> Yes, my code is listening to incoming connections, however I do not own that 
> code - I just embedded a web server into my app, thus I am not the one who 
> binds/listens to a socket and accepts connections - so I cannot delegate this 
> to launchd.

In my experience it's relatively simple to cut the head off such code and wire 
it up to a launchd-based listening socket.  The advantage of that approach is 
that you get launch on demand support.

> I would assume that once the app has been allowed with the firewall, the 
> system could calculate the binary's hash/checksum, so the next time the 
> firewall wants to pop up an alert, it would recalculate the checksum and 
> compare the result with what it has in its database already, check whether 
> the checksum (and therefore the binary) has changed since or not, and based 
> on that pop up an alert or just allow/block the connection.

Back in the days things worked that way for the firewall, and I believe things 
still work that way for the keychain.  However, code signing has become 
sufficiently widespread on OS X that I wouldn't be surprised if the legacy 
support has fallen by the wayside.

Share and Enjoy
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware


