Suppressing Access Lists to be Exposed by the XML Service

by Nicholas Dille on 02/09/2009 | 0 Comments | 1,652 Views
Tweet thisShare

In an earlier article about the XmlServiceExplorer, I explained how to obtain the access list of all published applications in a farm from the XML service.

As this information is offered without authentication, it can be considered a security issue. The XML service should rather offer the resulting list of published applications based on the access lists instead of the access list themselves.

Fortunately, this behaviour of the XML service can be suppressed by changing a registry key on the Presentation Server / XenApp server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XML Service]
"ExposeAccessLists"=dword:00000000

Using the same settings as in the example of my earlier article, the XML service only returns an empty tag called Details.

This configuration option should also be able to settle the discussion in the security forum of Brian's site.

Please note that this switch is not documented (as far as I know). Be sure to have tested this before deployment in a production environment.

Trackback URL for this post:

http://www.sepago.de/e/trackback/1255

[Your opportunity] User Profile Migrator, the new sepago product that makes migrating user personalities between different platforms a breeze.! Download a free eval now!

Tags

Blog Tags

2 responses for "Suppressing Access Lists to be Exposed by the XML Service"
Submitted by Reading Farm Information from the XML Service at Nicholas Di on 16.12.2008.

[...] applications which I

[...] applications which I described in a tutorial to the XmlServiceExplorer. Although it is possible to suppress the access lists being disclosed by the XML service, the switch is not [...]

Submitted by Suppressing Access Lists to be Exposed by the XML Service at on 09.02.2009.

[...] whole article is

[...] whole article is available in my personal blog. Print This Post « Debugging Using the XmlServiceExplorer - Part [...]

Add Comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.
Nicholas Dille's picture
 Nicholas Dille
Head of Technology and Innovation
Blogs about Centralized computing, virtualization and performance monitoring
Personal Profile
Personal Blog
RSS-Feed
Twitter: NicholasDille
 Contact

Latest posts
08/04/2010 Pains with EFS and Network Destinations
07/26/2010 Building Custom EdgeSight Reports Part 3 - The Query
07/16/2010 Building Custom EdgeSight Reports Part 2 - The Database

Most viewed
12,093 Views
Who Needs Aero Glass Remoting? Although It's Cool!
10,337 Views
Jailed 32-Bit Processes on Windows x64 (Update)
6,590 Views
Emulating a Redirecting Load Balancer for WI and PNA