Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to avoid the new 'Help' URL handler vulnerability' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to avoid the new 'Help' URL handler vulnerability
Authored by: SimonDorfman.com on May 21, '04 02:05:21AM
I prefer the fix described here: http://daringfireball.net/2004/05/unsafe_uri_handlers
It uses RCDefaultApp instead of MisFox or More Internet with good reason:
MisFox and More Internet are similar utilities to RCDefaultApp, and are also both free, but there is an important difference. MisFox and More Internet both only show URI protocols registered through the Internet Config system; RCDefaultApp also shows protocols registered directly through Launch Services.
...snip...
The ‘disk:' and ‘disks:' protocols are registered directly in Launch Services, which means they aren't displayed in MisFox or More Internet. I.e., RCDefaultApp shows all the protocol handlers registered on your system; MisFox and More Internet only display the protocols that are registered through Internet Config. Plus, version 1.1 of RCDefaultApp, released earlier this week, introduced the feature that allows you to assign a protocol to "disabled". This is a more elegant solution than assigning these protocols to dummy applications, such as Mac OS X's Chess game.


[ Reply to This | # ]
How to avoid the new 'Help' URL handler vulnerability
Authored by: osxpounder on May 21, '04 03:03:58PM

Thank you for the cogent explanation -- now I understand why RCDefaultApp is the best possible fix available to me. I'm convinced, and I'm applying it to all our Apples. Whew!

---
--
osxpounder



[ Reply to This | # ]