Re: Which Windows Registry Key is BEST for my work

That's the concept behind that, right. If you're required to let
everyone write everywhere, you have a faulty application design. Think
about malware, which can also access everything that the user can
access.


This topic comes up a lot and it's always a murky issue,
with people giving answers like you're giving. To begin with
the OP is not talking about everyone writing everywhere,
willy-nilly. The question is about having *some places* where
all users have equal access, for situations where people
want to use software that way; so that anyone can change
a given setting in, say, the photo cropping software, and
everyone can access the photos saved by someone else,
without having to specially set permissions to let everyone
access C:\vacation photos.

I suspect the main reason for the confusion over this
issue is that most custom software is done for corporate
clients, where what you're saying makes sense. But there's
a whole big world out there that's not corporate - home and
small office - where people typically have only one user set
up, or only want multiple users so that they can choose
their own wallpaper.

It seems odd to me that so many people adamantly
assert what you're saying, that security requires...blah,
blah, blah....but none of those people ever comes back
to post a question like, "My wife wants to change settings.
I told her she can't because she's just a lowly, limited
user. Now she's sleeping in the spare bedroom.
What should I do?"

Could that be because those same security lovers are
sharing one PC with their family (or business partner) where
all users are admin. or there's only one user?

There are reasons, where an application needs to write, where the user
isn't permitted to do so. Such things like automatic updates or shared
databases. These are cases for either using impersonation to give your
app elevated permissions or you have a service application running
which manages systemwide accesses.

It is difficult to develop with security in mind, especially when
you're coming from Win9x playstations or knowing XP only on
administrator's sight.

Thorsten Doerfler
--
http://www.vb-hellfire.de/

