Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: Walter Ian Kaye <email@hidden>
- Date: Sun, 28 Mar 2004 17:31:05 -0800
At 07:03p -0600 03/28/2004, John C. Welch didst inscribe upon an
electronic papyrus:
On 3/28/04 5:41 PM, "Walter Ian Kaye" <email@hidden> wrote:
>> Nonsense. I just put a test page on my web site on a remote server, clicked
>> the link, and iCal came up. So, clicking a link on a remote server allowed
>> missing link to open a local application with no authorization or
>> authentication whatsoever.
>
> No, *that* is nonsense. You did not click remotely, you clicked locally.
> Have someone *else* on your network click on the page, and see if it
> runs something on your computer. It won't; it'll run it on theirs.
> It's local.
<oy>...point dodging...the page lives on a remote server. This is, by the
way, how web-based exploits from web sites work. You load the page. In the
page are scripts that are running against your system. If you replicate the
click action in a script, then you have a remote site automatically running
applications on your system because you opened a web page.

It is clear from the above that your issue is NOT with ML, but with JavaScript.
Therefore, the only "security issue" with ML is the presence of JavaScript.
Disable JS, and ML is safe.
JS has been infamous for its security problems for years. Many people
disable it for precisely that reason.
If you're going to point the finger of blame, point it in the correct
direction: JavaScript.
-W
_______________________________________________
applescript-users mailing list | email@hidden