>-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Rob Kennedy >Sent: Friday, April 21, 2006 9:22 AM >To: Delphi-Talk Discussion List >Subject: Re: Writing to registry under a limited account >(Windows2000/XP) > >Burns, Christopher H. (Chris) wrote: >> There is an inherent problem with this structure too. >> >> Most corporations (as a policy) require the user to change their >> passwords every so often. > >Corporations probably aren't Human's intended users. If the trial >program is used on a corporate computer, what are the chances that the >user will be allowed to create arbitrary accounts on the computer just >to use the software for another month?
True, but my development philosophy has been to develop broadly, that way if a user needs to use your application there is less chance they may be precluded from using it. However, that is my personal philosophy. As far as the chances of accounts being able to be created. At the moment, kind of high. There are many corporations that are allowing end users to be administrators just so the administrators don't have to go through the trouble of logging in and out to install applications. Bear in mind when I say this I am talking about satellite offices where corporate types don't directly interface at an intelligent level (actual human interaction). Not many non-corporate types understand the intricacies of rights based management(at least in corporations I have worked at). Now, in a properly implemented corporate environment, you are correct, this would not be possible. This is simply the design -vs- implementation problem at work. Most companies I have worked for don't realize how remote application installs (via software designed to do this) can help this. > >> Generally this is monthly, but can vary >> widely depending on the security level the corporation wishes to >> enforce. > >The clear solution to that is to re-prompt for the password if the >cached one doesn't work. > Reprompting is a possible solutions, but the try/fail structure just adds an invalid logon attempt to the account. This can raise flags in audit trails. Which is not the problem I thought of earlier with this approach. >> Cacheing the password is also bad form because it provides >> another place the password can be harvested from(by hackers). > >Or by the actual user! True > >Even that might not be as bad as having the program run with elevated >privileges. If the program uses a common file-open dialog, >then the user >now has full access to all the computer's files. Two words here, stub application. The program that actually does the writing in elevated privilege, should be designed for that only (ie.. No GUI). For that exact reason. It can use interprocess communication (or messages) to talk back with that main application. > >-- >Rob >__________________________________________________ >Delphi-Talk mailing list -> Delphi-Talk@elists.org >http://www.elists.org/mailman/listinfo/delphi-talk > ----------------------------------------- This message and any attachments are intended for the individual or entity named above. If you are not the intended recipient, please do not forward, copy, print, use or disclose this communication to others; also please notify the sender by replying to this message, and then delete it from your system. The Timken Company / The Timken Corporation __________________________________________________ Delphi-Talk mailing list -> Delphi-Talk@elists.org http://www.elists.org/mailman/listinfo/delphi-talk
