Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!bionet!agate!usenet.ins.cwru.edu!pyrite!mike
From: mike@pyrite.SOM.CWRU.Edu (Michael Kerner)
Newsgroups: comp.sys.mac.hypercard
Subject: Re: Hypercard security
Message-ID: <1991Apr12.140106.10947@usenet.ins.cwru.edu>
Date: 12 Apr 91 14:01:06 GMT
References: <1991Apr10.200045.28085@leland.Stanford.EDU>
Sender: news@usenet.ins.cwru.edu
Organization: WSOM CSG, CWRU, Cleve. OH
Lines: 25
X-Post-Machine: pyrite.som.cwru.edu
Nntp-Posting-Host: pyrite.som.cwru.edu

HA! Right. Security in anything below 2.0 is a joke. If you are putting the
stack on an AppleShare server you could lock it and make sure none of your
users have write access to the directory. That would make sure that no one can
change it. The main problem is that if ANYONE gets write access, there is a
simple (relatively) way to get around the security, any security, but first
let me explain the effort I have gone through to protect our network front-end.

All the stacks intercept the doMenu message and usually veto requests, since
none of the users have any business in there (of course, since the highest
level I grant is typing - in the login stack, there are few options available).
The second thing I do is intercept the idle message and reset the settings to
cantModify and userLevel = 2. That way if someone is fairly intelligent and has
done what I would try then they have to exert a lot more effort to get there.

I'm not going to post how to get around the double-dipper, although most of you
(I'm sure) know how. For those who may be interested, I'll EMAIL it.

Later,
Mikey.

Mac Admin
WSOM CSG
CWRU
mike@pyrite.som.cwru.edu
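
The two interceptions described in the post above, sketched as a HyperTalk stack script. This is an added example, not part of the original post and not the poster's own script; the handler bodies and the single allowlisted menu item ("Quit HyperCard") are assumptions made for illustration.

```hypertalk
-- Stack script (added example; assumes HyperCard 1.2 or later,
-- where the cantModify stack property exists).

on doMenu whichItem
  -- Allowlist of menu items users may reach (assumed for this example).
  -- Exact comparison is used; a substring test such as "is in" would
  -- let partial names match.
  if whichItem is "Quit HyperCard" then
    pass doMenu
  end if
  -- Every other item is vetoed: the handler ends without "pass doMenu",
  -- so the message never reaches HyperCard and the command does not run.
end doMenu

on idle
  -- Re-assert the locked-down settings whenever HyperCard is idle, so a
  -- changed value does not persist for long.
  if the userLevel is not 2 then
    set the userLevel to 2 -- 2 = Typing
  end if
  if the cantModify of this stack is false then
    set the cantModify of this stack to true
  end if
  pass idle -- let handlers further up the message path run as usual
end idle
```

Both handlers run inside the stack itself, so they only hold while the stack file cannot be rewritten. That is the reason the post treats write access to the AppleShare directory as the control that matters.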