Suppressing Access Lists to be Exposed by the XML Service

by Nicholas Dille on 02/09/2009

In an earlier article about the XmlServiceExplorer, I explained how to obtain the access list of all published applications in a farm from the XML service.

As this information is offered without authentication, it can be considered a security issue. The XML service should instead return the resulting list of published applications based on the access lists, rather than the access lists themselves.

Fortunately, this behaviour of the XML service can be suppressed by changing a registry key on the Presentation Server / XenApp server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XML Service]
"ExposeAccessLists"=dword:00000000

Using the same settings as in the example of my earlier article, the XML service only returns an empty tag called Details.

This configuration option should also be able to settle the discussion in the security forum of Brian's site.

Please note that this switch is not documented (as far as I know). Be sure to test it before deploying it in a production environment.
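
The following is an added example, not part of the original article or any Citrix tooling: a PowerShell function that reports whether the registry value above is set on the local server and, on request, sets it to 0. The function name `Test-ExposeAccessLists` and the `-Remediate` switch are hypothetical; it assumes PowerShell 3.0 or later and that an absent value leaves the access lists exposed.

```powershell
# Added example: audit (and optionally set) ExposeAccessLists on the local server.
# Key path and value name come from the article; the function name is hypothetical.
function Test-ExposeAccessLists {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Write the article's setting (0) when the current state differs.
        [switch]$Remediate
    )

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Citrix\XML Service'
    $valueName = 'ExposeAccessLists'

    if (-not (Test-Path -LiteralPath $keyPath)) {
        Write-Warning "Key not found on $env:COMPUTERNAME; is the XML service installed?"
        return
    }

    # Read the current value; $null means the value does not exist.
    $item    = Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$valueName } else { $null }

    # Assumption: an absent or non-zero value leaves the access lists exposed,
    # since the article describes exposure as the behaviour before the change.
    $suppressed = ($null -ne $current) -and ($current -eq 0)

    # Writing to HKLM requires an elevated session. -WhatIf previews the change.
    if ($Remediate -and -not $suppressed -and
        $PSCmdlet.ShouldProcess("$keyPath\$valueName", 'Set DWORD to 0')) {
        New-ItemProperty -LiteralPath $keyPath -Name $valueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
        $current    = 0
        $suppressed = $true
    }

    # One object per server, suitable for Export-Csv or comparison across a farm.
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Value      = $current
        Suppressed = $suppressed
    }
}

# Report the current state only:
Test-ExposeAccessLists
# Preview what remediation would change without writing anything:
Test-ExposeAccessLists -Remediate -WhatIf
```

Running it with `-Remediate` and without `-WhatIf` writes the value; the returned object then shows `Suppressed` as true.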
