https://rawcull.netlify.app/tags/security/Recent content in Security on RawCullHugoenFri, 27 Mar 2026 15:07:49 +0100https://rawcull.netlify.app/docs/security/Mon, 23 Mar 2026 00:00:00 +0000https://rawcull.netlify.app/docs/security/<h2 id="security--privacy">Security &amp; Privacy<a class="td-heading-self-link" href="#security--privacy" aria-label="Heading self-link"></a></h2> <p>RawCull is built from the ground up with macOS security and user privacy as first-class concerns. The following is a precise and detailed account of every security mechanism the application employs, derived directly from the source code and project configuration.</p> <hr> <h3 id="app-sandbox">App Sandbox<a class="td-heading-self-link" href="#app-sandbox" aria-label="Heading self-link"></a></h3> <p>RawCull runs inside the <strong>macOS App Sandbox</strong> (<code>com.apple.security.app-sandbox = true</code>), enforced by the operating system. The entitlements file contains only this single declaration — no additional entitlements are granted. This means:</p>https://rawcull.netlify.app/blog/2026/02/05/security-scoped-urls/Thu, 05 Feb 2026 00:00:00 +0000https://rawcull.netlify.app/blog/2026/02/05/security-scoped-urls/<p>Security-scoped URLs are a cornerstone of macOS App Sandbox security. RawCull uses them to gain persistent, user-approved access to source and destination folders while remaining fully sandbox-compliant. This article walks through exactly how the implementation works, tracing the code from user interaction through to file operations.</p> <hr> <h3 id="what-are-security-scoped-urls">What Are Security-Scoped URLs?<a class="td-heading-self-link" href="#what-are-security-scoped-urls" aria-label="Heading self-link"></a></h3> <p>A security-scoped URL is a special file URL that carries a cryptographic capability granted by macOS, representing explicit user consent to access a specific file or folder. Without it, a sandboxed app cannot read or write anything outside its own container.</p>