Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Script the Login window through Apple Remote Desktop' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Script the Login window through Apple Remote Desktop
Authored by: GuidoDelConfuso on Feb 16, '10 11:04:28PM
There is nothing wrong with other scripts - they do the job, but the one I worked long and hard to find a solution for is a 100% certainty that it will not expose passwords and will login properly.

Really? You can't think of a single attack vector against sending a shell script containing a plaintext password across the network to be executed (from a world-readable file with a known name) on a machine where it trusts implicitly that the operating system utilities haven't been compromised before typing its password into the second dialog box of any application that happens to be named "SecurityAgent"? Well, how about this one, for starters: mkfifo /tmp/ ; cat /tmp/

Don't get me wrong. I'm sure your script performs admirably the job it's intended to do, and it may well be secure enough for your purposes. But let's not get cocky and claim with "100% certainty that it will not expose passwords". If anything, you're begging for your password to be stolen as soon as some inquisitive user with a bit more computer knowledge than scruples takes an interest in your remote login scheme. In other words, if you've already deployed this system in your average college computer lab--or, God forbid, a high school lab--then your password is already common knowledge among the student body.

[ Reply to This | # ]