ADC Home > Reference Library > Technical Q&As > Security > Authorization >

Stay away from custom Authorization dialogs


Q: Is it possible to use the constants kAuthorizationEnvironmentUsername and kAuthorizationEnvironmentPassword, which are defined in "AuthorizationTags.h", in order to create my own custom authorization dialog?

A: The behavior of these constants is currently undefined, so you should not use them. Apple recommends that you take advantage of the system-supplied authorization dialog because...

  • in future versions of Mac OS X, users may be able to authenticate by other methods such as Kerberos, finger print readers, or smart cards, and your application will not behave correctly in these situations.

  • it's more secure to let the system handle the user's password on behalf of your application.

  • using the built-in dialog allows for a consistent user experience across all applications.

  • depending on how the system is configured, asking the user for a password might not even be required, so by using the system-supplied dialog, the user will only be prompted for a password when necessary.


[Sep 20 2002]


Did this document help you?
Yes: Tell us what works for you.
It’s good, but: Report typos, inaccuracies, and so forth.
It wasn’t helpful: Tell us what would have helped.