Security Hole
Mark N
Dedicated MacNNer
Join Date: Oct 1999
Location: Heath Springs, SC
Status: Offline
Feb 17, 2004, 02:25 AM
 
I posted this at Apple.com, and got some response, but no explanations.

I've got a major hole I may have inadvertently uncovered. I just purchased a G4 PowerBook. It's running 10.3.2 and I've got a dual 800 with the same OS. I have similar setups. In fact both machines have the same short name, user name, and password. The problem is that when I use Spamfire, it auto launches Entourage with an AppleScript to receive new mail. The problem arises when it launches Entourage on both machines. They are only connected via AirPort, no file sharing turned on or sharing of any kind. Seems possibly like a big problem to me. Sorry for the typos, I'm using a beta of Firefox and the input boxes lag seriously behind the typing.

I've also noticed that since adding the PowerBook, sharing prefs are constantly resetting on both machines.
     
rjenkinson
Professional Poster
Join Date: Sep 2000
Status: Offline
Feb 17, 2004, 02:33 AM
 
Originally posted by Mark N:
In fact both machines have the same short name, user name, and password.
this is a bad idea.

-r.
     
Mark N  (op)
Dedicated MacNNer
Join Date: Oct 1999
Location: Heath Springs, SC
Status: Offline
Feb 17, 2004, 02:36 AM
 
I'm beginning to realize this, but now my concern is if this is a security hole and anyone else who were to "guess" a short name and password could manipulate the machine via AppleScript.

Exactly why do you say it's a bad idea? Networking probs?
     
Developer
Addicted to MacNN
Join Date: Apr 2001
Location: europe
Status: Offline
Feb 17, 2004, 02:45 AM
 
I don't think it's a problem to have the same user names on multiple machines. Wouldn't see why. It's probably a bad idea to have the same computer names, but you can easily change that in the "Sharing" preference pane.

With regard to AppleScript, open System Preferences->Sharing->Services and see whether you have Remote Apple Events on. Turn that off and you shouldn't be able to script that computer any more.
Nasrudin sat on a river bank when someone shouted to him from the opposite side: "Hey! how do I get across?" "You are across!" Nasrudin shouted back.
     
Mark N  (op)
Dedicated MacNNer
Join Date: Oct 1999
Location: Heath Springs, SC
Status: Offline
Feb 17, 2004, 02:53 AM
 
That was a suggestion at Apple.com, but I have no sharing prefs on. Remote is off.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Feb 17, 2004, 06:48 PM
 
Originally posted by rjenkinson:
this is a bad idea.

-r.
I don't know. My PowerBook and my desktop have identical user accounts (same username, and password). The two have different hostnames, however, and the network sees them just fine. I only have my laptop hooked to the network when transferring files between the machines.
     
Detrius
Professional Poster
Join Date: Apr 2001
Location: Asheville, NC
Status: Offline
Feb 17, 2004, 09:29 PM
 
Do you have "Remote Apple Events" enabled in the Sharing section of the System Preferences? That allows you to run AppleScripts from other machines.
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
     
Dudaev's Corpse
Banned
Join Date: Feb 2004
Location: Spread across a 5-kilometre radius somewhere in Chechnya, after the Russian apostates struck me down with a satphone-seeking missile
Status: Offline
Feb 17, 2004, 09:48 PM
 
Originally posted by Mark N:
if this is a security hole and anyone else who were to "guess" a short name and password could manipulate the machine via applescript.
Dude, if someone has your username and password you're screwed. That's the most basic way any computer or system authenticates. I'm lost as to why you think this is a security hole.
     
Mark N  (op)
Dedicated MacNNer
Join Date: Oct 1999
Location: Heath Springs, SC
Status: Offline
Feb 18, 2004, 01:50 AM
 
Remote sharing events is not turned on...

Yes. I'm mainly curious as to why when I have no sharing prefs turned on at all, an AppleScript on one machine is able to control an AppleScript on the other machine. I changed the passwords so that they were different, and only the short usernames were the same. The PowerBook was able to control the machine via AppleScript then, too. Only once I changed the short name did the process stop.
( Last edited by Mark N; Feb 18, 2004 at 02:16 AM. )
     
Developer
Addicted to MacNN
Join Date: Apr 2001
Location: europe
Status: Offline
Feb 18, 2004, 01:56 AM
 
If remote Apple Events are turned off, then AppleScript cannot control the computer. Regardless of user name and password.
Nasrudin sat on a river bank when someone shouted to him from the opposite side: "Hey! how do I get across?" "You are across!" Nasrudin shouted back.
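
Added example (not part of the original thread or any poster's reply): since the thread turns on whether Remote Apple Events is really off while the sharing prefs keep resetting, this sketch checks for the service's listener directly in `netstat -an` output. It assumes Remote Apple Events uses its registered TCP port 3031 (eppc); the function names and the sample netstat text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: detect a Remote Apple Events (eppc)
# listener in `netstat -an` output instead of trusting the Sharing pane.

EPPC_PORT=3031   # assumption: TCP port registered for eppc (Remote Apple Events)

# Reads `netstat -an` text on stdin and prints each local address that is
# in LISTEN state on EPPC_PORT. Outbound connections to 3031 are ignored.
eppc_listeners() {
    awk -v port="$EPPC_PORT" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Field 4 is the local address: "*.3031" (macOS), "0.0.0.0:3031" (Linux)
            n = split($4, parts, /[.:]/)
            if (parts[n] == port) print $4
        }'
}

# Exit status 0 if a listener is present on stdin input, 1 otherwise.
eppc_is_listening() {
    [ -n "$(eppc_listeners)" ]
}

# Constructed sample: service on, plus an outbound eppc connection.
SAMPLE_ON='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.3031                 *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     192.168.1.30.3031      ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Constructed sample: service off; only an outbound connection mentions 3031.
SAMPLE_OFF='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.631                  *.*                    LISTEN
tcp4       0      0  192.168.1.20.49153     192.168.1.30.3031      ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_ON" | eppc_is_listening; then
    echo "SAMPLE_ON: eppc listener present"
fi
if ! printf '%s\n' "$SAMPLE_OFF" | eppc_is_listening; then
    echo "SAMPLE_OFF: no eppc listener"
fi
```

On a live machine, pipe `netstat -an` into `eppc_is_listening` on each Mac after toggling the Sharing setting to confirm the listener actually went away.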
     
fizzlemynizzle
Senior User
Join Date: Dec 2003
Status: Offline
Feb 18, 2004, 02:13 AM
 
sounds like something in rendezvous. dunno if i'd call it a bug if you have machines with the same name as well as matching usernames and passwords..

if someone already has your username and password you have more to worry about than remotely launching entourage.