Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Fri, 26 Mar 2004 11:24:21 -0600
On 3/26/04 10:55 AM, "Peter Bunn" <email@hidden> wrote:
>
I am in the unenviable position of knowing enough to have created it, but
>
_not_ knowing enough to slam my right hand on a bible or manifesto and
>
swear that it could _never_ be used for malicious purposes despite my
>
best efforts to ensure that it can't.
If you wish to take your ball and go home, that is of course your choice.
No one was asking for a signed note from god. We DID want at least some kind
of positive obstacle that simply did not exist in the application as
implemented.
Even a simple dialog from missing link requiring some sort of password that
could be checked against a keychain entry would have worked as a way to make
sure that the human at the computer was the initiator of this action, and
not a javascript, or some other remote mechanism telling the browser to send
the open event. That's all. That would have worked. It might have been
inconvenient, but when you talk about setting up a web site that can run
applications on a machine that is in a remote location and outside of the
scope of the web browser, then you have to think about these things.
Having someone use Missing Link as a trojan engine, which it is EMINENTLY
suited for, would be far more inconvenient.
john
--
"Sure I am this day we are masters of our fate, that the task which has been
set before us is not above our strength; that its pangs and toils are not
beyond our endurance. As long as we have faith in our own cause and an
unconquerable will to win, victory will not be denied us."
- From sign in SEAL training facility (Sir Winston Churchill)
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.