On Tue, 2010-03-30 at 11:21 -0500, Kerry Bonin wrote: > Hello, and thanks for the comments! > > First, thank you Andrew for GetCommandLine() - 20 something years on > Windows, and I don't remember seeing that one before, certainly made this > simpler. > > On the subject of the command line in general for a service - I agree that > under most normal use a config file should be used, I just wanted to make > sure the command line was usable... > > On the security of self-installing services - if the service is doing much > more than installing itself, especially if it contains baked in credentials, > ect., that would be a very bad thing. What I've done is essentially the > equivalent of sc create|start|stop|delete wrap as a convenience function, > nothing more, and the calls execute with the same privilege level a user has > available to them at the command line.
ISTR that the issue is related to UAC, but I admit I can't quite see what the issue could be. One security related issue I'd suggest is that if running qpid as a service then we should run as an unprivileged user though with network access. qpidd only shuffles bits around a network so doesn't seem to need elevated privileges. I'm not sure how this fits exactly, but I assume that you'd need to create a new user account on installation and run the service using it. This would obviously require admin privileges. Andrew --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
