Dec

22

Bento Security Idea

Filed Under Bento Tips 

Paul Daniels (I’m assuming not this one) contact me with an idea about how to make Bento at least marginally more secure:

“I had high hopes that Apple would take care of this glaring omission in the v.2 release. Having unsecured information in a database makes me nervous and from reading the forums I can see I’m not alone. Here is the setup I used.

I followed the directions here and set up a secure drive on my Mac’s local hard drive. The password protected, secure drive can be buried in any folder you choose, which adds another layer of protection. When I installed Bento, I copied the program into the secure Disk Image Drive instead of the Applications folder as suggested by Apple. Bento’s database file is still in the normal location but the Bento program resides in the secure drive. I know this is not a foolproof encryption, but unless I’m missing something, someone would need to go through the process of reinstalling Bento to access your file. It might just be enough to keep visitors and others out of your Bento business.”

Comments

10 Responses to “Bento Security Idea”

  1. Dan on January 15th, 2009 5:58 pm

    Would it not be possible to create an encrypted Disk Image to replace the folder which contains the bentodb file?

  2. Simon on January 15th, 2009 6:01 pm

    You could except that each time you launch Bento you would have had to remember to decrypt the disk image and copy the bento.bentodb file to your /Library/Application Support/Bento folder or Bento will create a new empty one. Paul’s idea concentrates more on not letting someone quickly launch Bento itself.

  3. Matt on January 16th, 2009 5:55 pm

    Has anyone tried doing this by creating a symbolic link from /Library/Application Support/Bento to a folder on the encrypted disk image?

  4. Oscar Tello on January 16th, 2009 7:41 pm

    I think that including a native encryption on further versions is the way to go. I’d mean, probably configuring file vault can get some privacy, but a simple password access option to some libraries or the whole app can do the trick much more easy.

  5. Paul on January 16th, 2009 7:54 pm

    Would it not be better for the Bento makers to just get on the ball and make Bento a secure application ASAP? This is a major shortcoming to the software and should be addressed soon. How LOUD must the people cry before the makers hear?

  6. Jay on January 16th, 2009 8:01 pm

    FileVault is the only other way to secure your work, if you don’t want to use a secure Disk Image, and the new FileVault in Leopard is great, easy to set and very fast compared to previous versions.

    Alternatively, PGP has released a new app that encrypts the whole drive on Mac. It is more secure than FileVault, since the complete drive is encrypted and you need a password to start the Mac. But it costs while FileVault is included in Leopard and previous OS X.

  7. Will Martin on January 17th, 2009 5:59 am

    Securing the application without securing the database is leaving the data there for someone to copy with Target Mode, etc. and then run with their own copy of Bento on some other computer. If you want security, the data needs to be secured. File Vault would do it, though it is a bit dangerous, since a loss of the password, or technical problems with the drive is a loss of your entire account on the Mac and all its contents. Of course, that’s true of any account-based or disk-based encryption.

    Basically, there’s a continuum between convenience and security. Bento is convenient.

    There is no such thing as convenient security, or secure convenience.

    If you have some data on Bento that you want secured, and other stuff that you want convenient, you might create more than one account on your Mac and use File Vault on the account that has the secure Bento stuff, along with your other secure documents. Log into that account when you want to do secure stuff. Log into your convenient account when you want to do convenient stuff.

    Get the Locker widget to lock your secure account any time you walk away from your Mac while logged into the secure account, and don’t EVER let ANYBODY else use your Mac logged into your secure account. File Vault will protect the account against Target Mode copying (and similarly protect it against file recovery if you ever hose your OS).

    Then again, Time Machine would probably make an insecure copy of your secured stuff on your backup drive… You have to think about security a LOT if you want things to be really secure.

  8. DG on January 17th, 2009 3:04 pm

    Why not leave Bento.app where it is and have a look through the plist files etc and see if it’s possible to either change location in which Bento stores the database or tell Bento where to look for it. Somebody can then maybe write a script that would first open an encrypted dmg and then launch the program.

  9. DG on January 19th, 2009 2:06 pm

    As an aside to my post above, I believe what we’ll need to do is create a script, this script will open an encrypted dmg first and then open Bento. The difference is that in your user library where Bento usually put the database will be a symlink, (NOT an alias), this should point to a file that resides on that dmg.

  10. Oilbert on February 9th, 2010 2:06 pm

    A very simple solution to all this . . . all you need to do is move the file bento.bentodb from your user account’s Library/Application Support/Bento folder and put it into a encrypted disk image. I have a simple Automator script that first moves the file back into the application support folder and then opens bento. Another script for closing bento and then moving the file back into the encrypted disk image.
    I use this a lot as disk images are the best way of selectively securing your data. That, combined with the ususal Mac security steps (1. always require login password to login, wake from sleep, wake from screensaver 2. give login keychain a separate password that is not your login password) is a good way forward.

Leave a Reply