Run-Only Scripts And Data Security

Originally published at:

A word of caution about the security of run-only scripts. Please be aware that exporting a script as Run-Only only prevents others from seeing your script’s source code. It does not conceal literal data stored within your script. If you are embedding sensitive information, such as passwords, within your script’s source code then you need…


Agree, totally. Run-only scripts offer zero security.

Not so much. There are tools that will output the data much more cleanly than od. This uses the built-in xxd disassembler:


Edit: Just noticed you can get a slightly cleaner output than Mark’s from od by using its -c flag and a bit of sed (cue for @NigelGarvey to do it properly :smiley: ):

od -c ~/Desktop/RunOnly.scpt | sed 's/ \\0 //g'

1 Like