Re: Accessibility penalty?
Re: Accessibility penalty?
- Subject: Re: Accessibility penalty?
- From: Raymond Fischer <email@hidden>
- Date: Wed, 30 Jul 2003 11:20:47 -0700
On Tuesday, July 29, 2003, at 11:28 PM, Bill Cheeseman wrote:
on 03-07-29 9:29 PM, Andrew Taylor at email@hidden wrote:
Security. The Accessibility API allows programs to control the
machine and do anything to another program completely behind the
user's back. It is potentially the "back door" that weakens UNIX when
remote control of another machine is left unguarded. It is just like
putting your valuable data on a machine and turning on guest access
on the internet. So Apple turns it off by default (as they should)
and requires a real user to turn it on.
On this theory, AppleScript and a whole lot of other built-in utilities
would also be turned off by default.
Maybe not. Take a simple example of a text field with confidential
information.
With accessibility enabled the contents of that field are public
without the
app's knowledge. AppleEvents at least have to go through the
application.
In the case of Apple's controls, accessibility events don't.
Interesting experiment: Tried connecting with a server that requires a
password. Typed in my password and then tried to get at it with
UIElementInspector.
Couldn't. Returns a value of null and a subrole of AXSecureTextField.
Gold star to whoever thought of checking for that.
----
Ray Fischer
Adobe Systems
_______________________________________________
accessibility-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/accessibility-dev
Do not post admin requests to the list. They will be ignored.