Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: Nigel Smith <email@hidden>
- Date: Fri, 26 Mar 2004 18:31:13 +0000
On 26/3/04 16:55, "Peter Bunn" <email@hidden> wrote:
> If even the hobbled version of Missing Link is scary to some, then the
> full version would be a genuine nightmare to others.
>
> For now, I have simply removed the site.

I'm sorry about that, and hope you will reconsider -- the very features that
make Missing Link potentially dangerous are the ones that also make it
interesting.
At the moment, the only thing that makes Missing Link more dangerous than an
emailed AppleScript is that no user intervention is required to run *any*
script. Can you find a way round that? Only scripts with a certain
identification will be run, perhaps. Perhaps a white list of scripts, or a
white list of web pages from which scripts could be run. Each web page has
an address, so you could limit Missing Link to pages from a certain folder
on your machine, pages on a certain server, or pages which originate in your
subnet.
I truly think that the chances of anyone hacking a Missing Link machine are
vanishingly small, and certainly smaller than the chance of being hit by the
next SSH/Apache/FTP/macro virus/whatever problem. But I'm in a similar
position to John, in that I have to think of far more machines than the one
I'm sitting at now, and far more users than just me. So I'm a lot more
cautious than when I'm at home.
But I think what needs to be done first is find general approaches a hack
might take, and what you could do to guard against them. Hopefully everyone
taking part in this thread will grab a copy of ML (put the page back up!),
put it on an isolated machine, and try everything they can to make it go
wrong. Then we can try and come up with ways of preventing them.
Later,
Nigel
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
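
The allow-list idea from the message above (pages from a certain local folder, a certain server, or the local subnet), sketched in Python as an added example. It is not part of the original post or of Missing Link; the function name, folder, host name and subnet are constructed values.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed allow-list entries (assumptions, not taken from the post).
ALLOWED_FOLDERS = ["/Users/shared/trusted-pages"]
ALLOWED_HOSTS = {"intranet.example.com"}
ALLOWED_SUBNETS = [ipaddress.ip_network("192.168.10.0/24")]


def page_may_run_scripts(url: str) -> bool:
    """Default deny: True only if the page address matches an allow-list entry."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False  # malformed address, e.g. a broken IPv6 literal

    if parts.scheme == "file":
        if host not in ("", "localhost"):
            return False
        # Decode and normalise first so ".." or "%2e%2e" cannot step
        # outside an allowed folder.
        path = posixpath.normpath(unquote(parts.path))
        return any(path == f or path.startswith(f + "/") for f in ALLOWED_FOLDERS)

    if parts.scheme in ("http", "https"):
        # .hostname ignores userinfo, so in
        # "http://intranet.example.com@evil.test/" the host is evil.test.
        if host in ALLOWED_HOSTS:
            return True
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False  # a name that is not listed; no DNS lookup is trusted
        return any(addr in net for net in ALLOWED_SUBNETS)

    return False  # every other scheme is refused
```

The folder check is lexical only and does not resolve symbolic links, and the subnet rule matches only pages addressed by a literal IP.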