Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A possible Strategy to secure this' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A possible Strategy to secure this
Authored by: SOX on May 03, '06 09:21:56PM

need to add the following:

Require that two additional lines in the body:
second line should be anything, but some phase or digit not previously sent.
Third line should be the md5checksum of the first two lines concatenated with a password.

script can then verify two things:
1) the second line is something it has never seen before.
2) the md5 checksum of the first two lines (plus secret password) matches.

applescript should store the second line in a list of previously sent liines. This can be done with a property list in the apple script. (For the paranoid you may want to also include an md5 of any attachment in the second line and check that too.)

Additionally for safety the script ought to line length check the lines or set a max-length. This may help avoid some sort of buffer overflow upon execution





[ Reply to This | # ]
A possible Strategy to secure this
Authored by: ekc on May 12, '06 12:06:38PM

Sounds like a good idea. It would buy you a lot of security for only a few extra lines in the script. You can call openssl to generate the checksums, and the same tool can even encrypt your file attachments to keep eavesdroppers out.

In theory, an alternative would be to recognize certain digital signatures and only respond to those, but unfortunately, I don't think there is any AppleScript support for this in Mail. SOX's home-grown approach is probably the easiest to implement.



[ Reply to This | # ]