18 replies to this topic

[Ilya Rabinovich]

Hi everybody!

I have an idea how to initiate software updates from within untrusted zone, but I'm in little doubts.

To implement this feature, I need to run untrusted software as trusted. But if there a password-protected DW's configuration, it will be impossible to initiate update, it will starts untrusted.

So, the question is simple- create a gate allow DW to run untrusted as trusted without password required (password security model hole) or leave it as password-protected?

[ruinebabine]

So, the question is simple- create a gate allow DW to run untrusted as trusted without password required (password security model hole) or leave it as password-protected?

I do understand that the actual software's updating processus could be tedious at time for non-techie users of DW, but I would prefer myself not going this route (i.e. punching hole in DW) if trying to solve this issue.

EDIT: So, to answer your question, my preference would be to leave it as password-protected.

Edited by ruinebabine, 21 January 2010 - 10:57 PM.

[abc]

So, to answer your question, my preference would be to leave it as password-protected.

+ 1

[CogitoErgoSum]

Hello Ilya,

Please leave it password protected.


Peace & Gratitude,

CogitoErgoSum

[takaki]

So, to answer your question, my preference would be to leave it as password-protected.

+ 1

+1

[Savage]

So, to answer your question, my preference would be to leave it as password-protected.

+ 1

+1

WTF? simple yes or no.

[Sacles]

Hello,

I do not use a password for DW. For most users, I do not see the utility of this password. So, I'm interested for Ilya's proposition

Why not give the choice to the users?

[bellgamin]

I do not use a password for DW.

I also don't use a PW for DW. (I have *another* way of protecting DW from being killed or tinkered with. Bwa-ha-ha )

Why not give the choice to the users?

I agree. Let it be a choice that the user can make or change when configuring DW.

[Sacles]

I also don't use a PW for DW. (I have *another* way of protecting DW from being killed or tinkered with. Bwa-ha-ha

This is not the passport that will protect DW to be kill by malware. This protection should be integrated into the program DW.

[abc]

currently there is no match as the score is 4-2 ...





Frankly, i do not know in depth how the idea has been developed but i think it is useful not break the password security model.

Therefore, if a user had set up a password to protect program settings, you might think of a pop-up in which it is explained that to complete the update process you must type password*...

I also don't use a PW for DW. (I have *another* way of protecting DW from being killed or tinkered with. Bwa-ha-ha

This is not the passport that will protect DW to be kill by malware. This protection should be integrated into the program DW.

you are right



* Excuse me if the concept above may seem confusing but English is not my native language..
If anyone still knows the Italian, i could always write in my native language and let others translate my concepts into a proper English ..

[mossman]

Another vote for keeping the password protection.

[andro]

I think, it would be good to initiate software updates from within untrusted zone. But, of course, it depends on realization of this idea.

I don't use password protection of DW.

[Creer]

Another vote for keeping the password protection.

+1

[darthsideous666]

Password protected!!

[demoneye]

IMO password protection can do the trick with out any possibility of security hole .