[comp.sys.mac] PF Security Rumors...now the reality!

luke@tasis.utas.oz.au@munnari.oz (Luke Visser) (11/10/89)

In article <3429@umiami.miami.edu> GROSS@umiami.miami.edu (Jason Gross) writes:
> Someone here mentioned some grumblings about Public Folder's security
> problems...well, here's the reality:
> 
> Someone walked in one day and put their version of PF on all the student
> Macs and all the staffworker's Macs.  They set the path on each PF to the
> hard drive's root directory effectively letting the person steal everything
> off of a hard drive.

Ok here's a solution that's not a perfect one but one that certainly
eases my mind and makes changing the 'public folder' somewhat harder.
The solution is to change the dialog item from an editable text item to
a static text item.  This means that it cannot be modified.  This doesn't
solve the above problem but you can make the above harder by locking
(*get info* on it) and then turning it invisible (see below).

After setting the 'public folder' in Chooser open ResEdit.  Do a *get info*
on 'Public Folder' and select the invisible flag.  This prevents doing
the above *easily*.  Now open 'Public Folder', then open 'DITL' and then
open 'DITL cConfig Id = -4072'.  *Select item number* 9 and then open it,
change editable text to static text.

Luke Visser
---------------------------------------------------------------------------
"I'm a Tasmanian"	- Albert Einstein
Snail: Uni of Tasmania, Box 252C GPO, Hobart 7001, Tasmania, Australia.
ACSnet: luke@tasis.utas.oz	ARPA: luke%tasis.utas.oz@uunet.uu.net
UUCP: {enea,hplabs,mcvax,uunet,ukc}!munnari!tasis.utas.oz!luke

urlichs@smurf.ira.uka.de (Matthias Urlichs) (11/14/89)

In comp.sys.mac.programmer luke@tasis.utas.oz.au@munnari.oz (Luke Visser)
writes:
< In article <3429@umiami.miami.edu> GROSS@umiami.miami.edu (Jason Gross) writes:
< > Someone walked in one day and put their version of PF on all the student
< > Macs and all the staffworker's Macs.  They set the path on each PF to the
< > hard drive's root directory effectively letting the person steal everything
< > off of a hard drive.
< 
< Ok here's a solution that's not a perfect one but one that certainly
< eases my mind and makes changing the 'public folder' somewhat harder.
< [...]
< (*get info* on it) and then turning it invisible (see below).
< 
Which will also stop Public Folder from working altogether.
INIT31 skips any invisible file because of possible viruses lurking therein.

vallon@sbcs.sunysb.edu (Justin Vallon) (11/18/89)

In article <1189@smurf.ira.uka.de> urlichs@smurf.ira.uka.de (Matthias Urlichs) writes:
>In comp.sys.mac.programmer luke@tasis.utas.oz.au@munnari.oz (Luke Visser)
>writes:
>< In article <3429@umiami.miami.edu> GROSS@umiami.miami.edu (Jason Gross) writes:
>< > Someone walked in one day and put their version of PF on all the student
>< > Macs and all the staffworker's Macs.  They set the path on each PF to the
>< > hard drive's root directory effectively letting the person steal everything
>< > off of a hard drive.
>< 
>< Ok here's a solution that's not a perfect one but one that certainly
>< eases my mind and makes changing the 'public folder' somewhat harder.
>< [...]
>< (*get info* on it) and then turning it invisible (see below).
>< 
>Which will also stop Public Folder from working altogether.
>INIT31 skips any invisible file because of possible viruses lurking therein.

Right.  Also, what does hiding PF accomplish?  You can't access it from
the Finder, but who cares?  You can still reach it from the Chooser.  If
you hide it from the Finder and the Chooser, I'd say you might as well
throw the thing out.

I don't understand what the real problem is here.  I can write an INIT
that reboots your computer, erases the drive, etc.  I walk up to your
machine, drop in the INIT, and walk away.  If you don't have physical
security for your machine, you definitely cannot expect internal security.
This isn't a multiuser system with passwords, etc.

If you can't control outside users dropping things into your System folder,
then think about some sort of password utility that comes up when you
boot, or a DA password utility that locks the machine up until you get
back, or locking your room.

-Justin
vallon@sbcs.sunysb.edu