Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: Michael Terry <email@hidden>
- Date: Tue, 30 Mar 2004 14:09:25 -0800
On Mar 30, 2004, at 12:42 PM, John C. Welch wrote:
> Actually, it has, you just simply refuse to acknowledge that it is a
> hole,
Right, I don't acknowledge it and I'm confident anyone who keeps in
mind everything that must happen socially and technically for the
proposed exploit to happen doesn't acknowledge it either.
> and is easily plugged via a number of methods.
The extra hassles and hobbles are not justified by the small change in
absolute risk they would confer. It's amazingly likely no Missing Link
users will suffer under the current implementation and it's shockingly
likely no Missing Link users would be harmed using any suggested
"solution". Infinitesimally close to 0 isn't much different from
immeasurably close to 0.
Remember, you initially claimed that the first cracker who learned
someone had Missing Link installed would make a successful attack on
him. That's been proved false.
> It's also been shown that one of the two things you cite as a "security"
> protection, the hard drive name requirement is not required for ML to
> function, so basic POSIX paths can be used with ML, and no hard drive
> name is required.
Haha! Don't be silly. I never made any claims about the hard drive
name. The hard drive name is irrelevant.
> So the only security ML has is that not a lot of people use it, and
> hopefully, whoever uses it would change the protocol name.
Nah, it has high social security in any case because of the boring
nature of the exploit.
As a bonus, network administrators, and anyone else who wants to be
extra secure, can lock down the system by changing the--what did Walter
want us to call it?--URL scheme. This is exactly what I'd expect a
network administrator to do. Naturally, I won't because the risk of the
default setup has been blown out of proportion. It's hard for people to
keep perspective, I understand. Anything that has inspired such a long,
contentious thread must carry with it some risk to be concerned about,
right?
Mike
_______________________________________________
applescript-users mailing list | email@hidden