Suppressing Access Lists to be Exposed by the XML Service

by Nicholas Dille on 02/09/2009 | 0 Comments | 2,343 Views
Tweet thisShare

In an earlier article about the XmlServiceExplorer, I explained how to obtain the access list of all published applications in a farm from the XML service.

As this information is offered without authentication, it can be considered a security issue. The XML service should rather offer the resulting list of published applications based on the access lists instead of the access list themselves.

Fortunately, this behaviour of the XML service can be suppressed by changing a registry key on the Presentation Server / XenApp server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XML Service]
"ExposeAccessLists"=dword:00000000

Using the same settings as in the example of my earlier article, the XML service only returns an empty tag called Details.

This configuration option should also be able to settle the discussion in the security forum of Brian's site.

Please note that this switch is not documented (as far as I know). Be sure to have tested this before deployment in a production environment.

+++ Your opportunity +++ Use Profile Migrator 2, the new sepago product that makes migrating user personalities between different platforms a breeze.! Download your free version now!

Tags

Blog Tags

2 responses for "Suppressing Access Lists to be Exposed by the XML Service"
Submitted by Reading Farm Information from the XML Service at Nicholas Di on 16.12.2008.

[...] applications which I

[...] applications which I described in a tutorial to the XmlServiceExplorer. Although it is possible to suppress the access lists being disclosed by the XML service, the switch is not [...]

Submitted by Suppressing Access Lists to be Exposed by the XML Service at on 09.02.2009.

[...] whole article is

[...] whole article is available in my personal blog. Print This Post « Debugging Using the XmlServiceExplorer - Part [...]

Add Comment

The content of this field is kept private and will not be shown publicly.
Captcha
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.

Citrix Competence Blog

The perfect integration of Citrix products is one main focus of sepago consulting services. In this blog our consultants are reporting about trends, new technologies and technical deep dives.The best place for straight talk about Citrix Products.

RSS-FeedSubscribe all Articles

Recent Articles

Citrix NetScaler 10.x

Citrix AppDNA 6–don’t miss out on these new...

Automatischer Export und Import von Citrix...

 

About the author
nicholas's picture
 Nicholas Dille
Head of Technology and Innovation
Blogs about Centralized computing, virtualization and performance monitoring

All articles

Most viewed
18,497 Views
Who Needs Aero Glass Remoting? Although It's Cool!
15,677 Views
Emulating a Redirecting Load Balancer for WI and PNA
14,027 Views
Building Custom EdgeSight Reports Part 4 - The Wedding

nicholas´s Tags

nicholas´s Blog Categories

sepago @ facebook sepago @ twitter sepago newsfeed