Suppressing Access Lists to be Exposed by the XML Service

by Nicholas Dille on 02/09/2009

In an earlier article about the XmlServiceExplorer, I explained how to obtain the access list of all published applications in a farm from the XML service.

As this information is offered without authentication, it can be considered a security issue. The XML service should instead return only the list of published applications that results from evaluating the access lists, not the access lists themselves.

Fortunately, this behaviour of the XML service can be suppressed by changing a registry key on the Presentation Server / XenApp server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XML Service]
"ExposeAccessLists"=dword:00000000

Using the same settings as in the example of my earlier article, the XML service only returns an empty tag called Details.

This configuration option should also be able to settle the discussion in the security forum of Brian's site.

Please note that this switch is not documented (as far as I know). Be sure to test it before deploying it in a production environment.
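
For checking a server before and after the change, the following PowerShell script is an added example (not part of the original article and not Citrix code). It reads the registry value shown above and, only when run with -Enforce from an elevated prompt, writes it. The function names and the -Enforce switch are made up for this example.

```powershell
# Added example: audit (and optionally set) ExposeAccessLists on the local server.
# Key path and value name are taken from the .reg fragment in the article;
# the function names and the -Enforce switch are hypothetical.
param([switch]$Enforce)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Citrix\XML Service'
$ValueName = 'ExposeAccessLists'

function Get-ExposeAccessListsState {
    # Read-only: reports whether the key and value exist and what the value is.
    $state = [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        KeyExists  = (Test-Path -Path $KeyPath)
        Value      = $null
        Suppressed = $false   # true only when the value is present and equals 0
    }
    if ($state.KeyExists) {
        $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $state.Value      = $prop.$ValueName
            $state.Suppressed = ($state.Value -eq 0)
        }
    }
    return $state
}

function Set-ExposeAccessListsOff {
    # Writes "ExposeAccessLists"=dword:00000000. Like importing the .reg
    # fragment, this creates the key if it is missing. Requires elevation.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
}

$before = Get-ExposeAccessListsState
if ($Enforce -and -not $before.Suppressed) {
    Set-ExposeAccessListsOff
    # Re-read so the report reflects what is actually stored now.
    Get-ExposeAccessListsState
} else {
    $before
}
```

A server where Suppressed is False (value missing or non-zero) has not had the change from this article applied. The registry check only confirms the setting is stored; confirm the effect by repeating the query from the earlier article and checking that the Details tag comes back empty.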
