Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Fri, 26 Mar 2004 10:30:50 -0600
On 3/26/04 9:55 AM, "Nigel Smith" <email@hidden> wrote:
>
I'm no JavaScript guru, but I reckon the above is easily done. Yes, the
>
hacker would have to get you to their web page (or email it), have to guess
>
or get your username and guess your download location, and would probably
>
have more success by emailing the script to a million people as an
>
attachment. But it *could* be done, and if it isn't it is because of
>
obscurity, not security.
The easy way to fix this would be to tie Missing Link into the security
framework of the OS. That way, you would have a good idea, (which Missing
Link is), implemented in a way that doesn't automatically allow
unauthenticated execution of applications on your machine, (which is a bad
thing). It would make using Missing Link as part of a trojan horse scheme
much harder, if not impossible.
I like the idea behind missing link, it has some real value, but you simply
cannot implement something like this with a "hope for the best" mentality
towards security. Hell, if it gets reimplemented within a proper security
framework, I'd buy a few copies, I can use something like that right now.
john
--
Beat off enough and eventually someone will walk in on you while you9re
doing it. When this happens, pause, look them directly in the eye and say,
3You done ruined the romance, so go ahead and say whatever it is you want to
say.2 If they don9t immediately apologize and leave, run over there and put
your hands on their face.
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.