Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!hoptoad!tim
From: tim@hoptoad.uucp (Tim Maroney)
Newsgroups: comp.sys.mac.programmer
Subject: Re: Protecting Chooser name
Message-ID: <7719@hoptoad.uucp>
Date: 20 Jun 89 21:20:59 GMT
References: <1393@gwusun.gwu.edu>
Reply-To: tim@hoptoad.UUCP (Tim Maroney)
Organization: Eclectic Software, San Francisco
Lines: 24

In article <1393@gwusun.gwu.edu> viraf@gwusun.gwu.edu (Viraf Bankwalla) writes:
>
>Now changes to the Chooser name (via Chooser itself) don't change what
>AppleShare uses as the default login name, nor the name used by RegisterName.
>Changing the name now requires Resedit, which is beyond the casual user.

No, it only requires Font/DA Mover to install the real Chooser.  It's
not only easy, it's quite likely to happen when someone notices that
your hacked Chooser is misbehaving.  This is a Level I security
approach.  Remember that students tend to be both clever and
mischievous.  Anything below Level II actually encourages them
to misbehave.

Also, this patching approach ignores the fact that a DA should
recompute its resource ids dynamically, so there is no guarantee that
the resource id will appear in "unfolded" form within the DA code.

Finally, if there are any other resources with the same ID, which is
perfectly legal, your Fedit strategy just removed access to them.
-- 
Tim Maroney, Mac Software Consultant, sun!hoptoad!tim, tim@toad.com
Postal: 424 Tehama, SF CA 94103; Phone: (415) 495-2934

"Jesus died for somebody's sins, but not mine." -- Patti Smith