Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Tue, 30 Mar 2004 14:42:08 -0600
On 3/30/04 1:59 PM, "Michael Terry" <email@hidden> wrote:
>
> So in other words, unless you can show that a security hole can affect
>
> a
>
> very large percentage of users, then we should just keep quiet about
>
> it?
>
>
>
>
If a "security hole" relies on social effects rather than assertive
>
action by the cracker and it affects a sufficiently low percentage of
>
users--in this case essentially indistinguishable from 0--then it's not
>
a security hole.
>
>
At the start of this thread, you implied that a cracker could take
>
assertive action against a Missing Link user. This has been shown not
>
to be true.
Actually, it has, you just simply refuse to acknowlege that it is a hole,
and is easily plugged via a number of methods. It's also been shown that one
of the two things you cite as a "security" protection, the hard drive name
requirement is not required for ML to function, so basic POSIX paths can be
used with ML, and no hard drive name is required. So the only security ML
has is that not a lot of people use it, and hopefully, whomever uses it
would change the protocol name.
"not a lot of people use it" and "hopefully" are not part of a good security
implementation.
john
--
There is no limit to the good you can do if you don't care who gets the
credit.
-General George C. Marshall
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.