• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: AppleScript & HTML Again...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AppleScript & HTML Again...

  • Subject: Re: AppleScript & HTML Again...
  • From: Michael Terry <email@hidden>
  • Date: Thu, 25 Mar 2004 22:49:37 -0800
On Mar 25, 2004, at 9:38 PM, John C. Welch wrote:

I have. How does this application prevent someone from beating on it until
the URL structure is really well known, then using remote javascripts from a
web site to connect to an application on the mac and doing damage?

Because no feature of Missing Link makes this remotely possible.

"Again, I stress that ML is intended for local use only. However, there
are certain safeguards 'built in'. The user may choose a unique name for
the protocol. "

That's security via obscurity.
"Any link that is not prefixed by the proper protocol name
will be ignored by the ML 'engine'. "

"Hey guys, I'm really having a hard time with Missing Link, could someone
provide me examples of how they're using it?"

Congratulations, examples of proper protocol names have been provided. If
one person using Missing Link is doing it that way, they probably aren't
alone. In this case, patience reaps rewards.

"It is, in a sense, a passworded protection. "

It is nothing of the sort. It's obfuscation protection.

The whole foregoing discussion is irrelevant. Missing Link's default URL scheme is published: What can a cracker do with it? Nothing happens unless the user clicks on a link. Is the cracker going to travel to the user's house and click links for him? That's suspicious and possibly criminal behavior!

"Additionally, the engine only handles links with addresses absolute or
relative to the local machine(s). If it's fed an improperly addressed link,
it errors and quits. Relative links are relative only to user created and
uniquely named folders or items within the Application Support folder."

You mean like:

/usr/bin/osascript?

That's a VERY handy little absolute file address. Guess what I can do with
access to that?

Nothing. What on earth are you talking about? I mean specifically. Give an example, using Missing Link features, of what you could do with /usr/bin/osascript.


Mike
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.

References: 
 >Re: AppleScript & HTML Again... (From: "John C. Welch" <email@hidden>)

  • Prev by Date: Re: Apple can it do this?
  • Next by Date: Re: Vacation Mail script
  • Previous by thread: Re: AppleScript & HTML Again...
  • Next by thread: Re: AppleScript & HTML Again...
  • Index(es):
    • Date
    • Thread