Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!mips!bridge2!jarthur!uci-ics!truesdel
From: truesdel@ics.uci.edu (Scott Truesdell)
Newsgroups: comp.sys.mac
Subject: Re: On Location is BAD NEWS!
Message-ID: <25E1D884.6863@paris.ics.uci.edu>
Date: 20 Feb 90 23:53:40 GMT
References: <18045@megaron.cs.arizona.edu> <5394@okstate.UUCP>
Lines: 37

minich@a.cs.okstate.edu (MINICH ROBERT JOHN) writes:

>[...] There are only a few possible ways I can think of
>to get around this, none of which are unstoppable.

>1. On Location is used on the server, creating a handy index that everyone else
>on the network can see. Solution: don't put it on the server! If it isn't there,
>it can't create an index. Noone can access an index that isn't there! If your
>users who want to search for files on the server must use On Location, let
>them use it from their Mac and noone will see the index unless it is made
>available to everyone else.

  [other ideas deleted]

>  I think the problem is most likely to be [1] since the [3] would need a lot of
>short-sighted work to program and not offer protection of private data and [2]
>is a trivial problem.

I believe this now, too.  Tom Dowdy <dowdy@apple.com> did some looking into
the matter and came up with pretty much this same conclusion.

Since I, as administrator, am the only one with write priveledges to the
root directory of our servers, I can pretty much keep this from happening.
If others build indexes which access protected information of their own,
then pass these indexes on to friends, it's only THEIR files they are
compromising. So all I really need to do is warn people about this
unlikely set of circumstances.

The whole story isn't out yet, but it's looking better than the MacWorld
article caused me to believe.

  --scott

Have a day   :-|

--
Scott Truesdell