Thread-topic: Remote Apple Events/Standard Additions Security Issue
User-agent: Microsoft-Entourage/10.1.0.2418
On 8/31/05 03:23, "Martin Orpen" <email@hidden> wrote:
>>> We use Remote Apple Events on some of our Macs - it's a very
>>> useful feature. But returning a list of current apps is one
>>> feature too far and we've made sure that no unknown IPs are
>>> allowed to use port 3031.
>>>
>>
>> It is not a security issue. It could have been a security issue
>> whether you had chosen NOT to activate Remote Apple events and
>> could access the list of applications. And only admin users are
>> supposed to do this, so who cares ?
>>
>> The fact that some function does not please you because it "shows
>> too much" is not a security issue. It is by design, it has always
>> been since System 7.5 (maybe Mac OS 8).
>
>
> That isn't true, OS X has never had that particular feature. Previous
> OSs did have, but they also had AppleShareIP too - some features are
> best consigned to history ;-)

What, remote Apple events? The initial releases didn't have it, but it's
been a part of the OS for a while now.

As well, AppleShareIP was a server product. And, rather a decent one outside
of a kind of silly email server. Up until Tiger server, had a better print
server than OS X.

>
> Scripters can easily get a list of active processes using remote
> apple events. I really don't think that so much information should be
> handed over without some form of authentication.

I have to agree with Martin on this one...it should require authentication
for every eppc connection, regardless of use.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
email@hidden