[whatwg] whatwg Digest, Vol 82, Issue 10

[Roger Hågensen]

On 2011-01-05 01:07, Seth Brown wrote:
> I couldn't agree more that we should avoid turning this into vista's UAC.

The issue with UAC is not UAC.
UAC (especially the more dilligent one on Vista) merely exposed 
programmers and software expecting raised priviledges while they 
actually did not need them.
Linux has had "UAC" pretty much from day one so programmers and software 
has played nice from day one.
And UAC is not really security as it does not protect the user, UAC is 
intended to ensure that a user session won't fuck up anything else like 
other accounts or admin sessions or the OS/kernel.
UAC protects the system from potentially rogue user accounts.
So it's a shame that UAC's introduction in Vista brought such a stigma 
upon it as I actually like it.

Myself I have a fully separate normal user account (rather than the 
split token one that most here probably uses) so I actually have to 
enter the admin password each time,
but I do not find it annoying, and I actually develop under this normal 
user account.
only system updates or admin stuff need approval, and the odd software 
(but I try to avoid those instead).
Running software or installing software need to bring up any UAC at all, 
if it does it is simply lazy coding by the developers,
and any webapp stuff should also follow the same example in this case.

UAC is meant to help isolate an incident and prevent other parts of a 
system from being affected, or other users/accounts,
so a webapp should be secured under those same principles.
Considering all the issues with cross site exploits and so on it's 
obvious that the net is in dire need of some of those core principles,
so please do not so easily dismiss UAC due to how it's perceived, but 
rather judge it by what it actually is instead.


-- 
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/