Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!ames!ig!arizona!ric
From: ric@cs.arizona.edu (Ric Anderson)
Newsgroups: comp.sys.mac
Subject: Re: On Location is BAD NEWS!
Summary: If On Location can beat AppleShare, what else can?
Message-ID: <18045@megaron.cs.arizona.edu>
Date: 18 Feb 90 04:22:12 GMT
References: <17721.635313273@ics.uci.edu>
Organization: U of Arizona CS Dept, Tucson
Lines: 34

In article <17721.635313273@ics.uci.edu>, truesdel@ICS.UCI.EDU (Scott Truesdell) writes:
> 
> Mitch Kapor's new venture sounded like a neat hack.
> Then I read something in MacWorld, March, 1990, MacWorld News, page
> 119, right under Mitch's picture that chilled my blood. I quote:
> 
> 	"AppleShare volumes also present a curious problem:
> 	[On Location] indexes don't respect AppleShare's
> 	security features, so you can't prevent users from
> 	finding text in folders they are not authorized to
> 	read. On Technology plans a fix for a later version."
> 
> I am NOT a happy camper tonight  :-(
> 
>   --scott

If this is true, the real problem is NOT "On Location" or
MacWorld.  The problem is that there exists a way for an
ordinary application to bypass file server file protection.

This would imply that anyone writing an application for a
Mac can read AppleShare protected files.  That's not a warm
comforting thought, ESPECIALLY if there are students on one's
AppleShare file server.

Ric

Ric Anderson                    Bitnet: Ric@Arizrvax
Member of the Technical Staff   Internet: ric@cs.arizona.edu
University of Arizona           UUCP: uunet!arizona!ric
Department of Computer Science  AT&T: (602) 621-4048
Gould-Simpson Room 721
Tucson, Arizona 85721
---