Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Fri, 26 Mar 2004 16:08:41 -0600
On 3/26/04 3:24 PM, "Walter Ian Kaye" <email@hidden> wrote:
> > At the moment, the only thing that makes Missing Link more dangerous than an
> > emailed AppleScript is that no user intervention is required to run *any*
> > script. Can you find a way round that? Only scripts with a certain
> > identification will be run, perhaps. Perhaps a white list of scripts, or a
> > white list of web pages from which scripts could be run. Each web page has
> > an address, so you could limit Missing Link to pages from a certain folder
> > on your machine, pages on a certain server, or pages which originate in your
> > subnet.
>
> I've often thought about the ability to download and run an
> AppleScript. In my case, the runner (aka HTTP helper) app would
> analyze the script and check it against a whitelist. If it passes, it
> gets run; if not, a dialog appears stating why it was, uh, arrested.
> I think that's how Java's sandbox works, isn't it?
>
> I don't know if there's any way for a helper app to know where its
> file came from, so I don't see how you would check the address.

There are a number of ways to deal with this.

The simplest is to require some form of manual intervention in the form of a
dialog that requires some kind of human interaction that isn't easily
bypassed, such as a checkbox, or a password. (Note, in this case, the
password doesn't matter, as long as it's not blank.) This creates a
stumbling block that can't be bypassed easily by some version of Okey-Dokey.

You could actually check the password against something, say a keychain
value. A bit safer, since then you actually need a proper password.

You could check to see if the person entering the password is really
authorized as a user on the system. This gets more complex, as you now start
dealing with the authentication frameworks.

Another option is to use pre-built SSH keys, if that's a viable option.

The big thing with something like Missing Link is just that extra step to
say "HEY...this web site wants to do <foo>, is that okay?"

That would stop 90% of the evil without a lot of work at all.

john
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s+:+ a C ULX+++ P+ L- E W+++
N+ o+ K? w$ O+++@ M++@ V$ PS+(++) PE
Y+ PGP t+ 5+ X- R+(++) tv+ b++++ DI+++
D- G e+(++) h- r+(++) y++++
-----END GEEK CODE BLOCK-----
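
Added example, not part of the original message and not Missing Link's code: a Python sketch of the gate discussed in this thread, combining the quoted origin whitelist (folder, server, subnet) with the non-blank confirmation step. The folder, host and subnet values and the function names `origin_allowed` and `decide` are constructed assumptions.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed policy values (assumptions, not taken from the thread).
ALLOWED_FOLDERS = ["/Users/me/Sites/trusted"]
ALLOWED_HOSTS = {"intranet.example.com"}
ALLOWED_SUBNETS = [ipaddress.ip_network("192.168.1.0/24")]


def origin_allowed(page_url):
    """True if the page carrying the script comes from an allowlisted origin."""
    u = urlsplit(page_url)
    if u.scheme == "file":
        if u.netloc not in ("", "localhost"):
            return False
        # Decode and normalise first so "../" cannot climb out of the folder.
        path = posixpath.normpath(unquote(u.path))
        return any(path.startswith(f + "/") for f in ALLOWED_FOLDERS)
    if u.scheme in ("http", "https"):
        host = (u.hostname or "").lower()
        if host in ALLOWED_HOSTS:
            return True
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False  # a name that is not on the host list
        return any(addr in net for net in ALLOWED_SUBNETS)
    return False  # unknown schemes are denied by default


def decide(page_url, action, ask):
    """ask(prompt) returns what the user typed; a blank answer means no."""
    if not origin_allowed(page_url):
        return "blocked: origin not on allowlist"
    site = urlsplit(page_url).hostname or "a local page"
    typed = ask(f"HEY...{site} wants to {action}, is that okay?")
    return "run" if typed.strip() else "blocked: no confirmation"
```

The subnet rule only matches pages addressed by a literal IP, since the sketch does no DNS lookup.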