[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-XBoard] Security concern
|
From: |
John Summerfield |
|
Subject: |
[Bug-XBoard] Security concern |
|
Date: |
Wed, 09 Dec 2009 07:26:01 +0800 |
|
User-agent: |
Thunderbird 2.0.0.22 (Windows/20090605) |
I administer, amongst other things, computers running Windows XP.
A key point in computer security is that users do not have
administrative rights. Related to this is that administrative accounts
are used only for computer administration.
A typical administrative task is installing software such as winboard.
A typical user "task" is using software such as winboard.
On a well-managed computer, a user cannot install software such as
winboard, and an administrator does not use it.
This leads to a problem with software such as winboard: winboard stores
user-related data in its installation directory. This means that, on a
well-managed computer, all the different users have but one set of options.
On Linux and Unix, programs store users' preferences in a location in
their home directory - in the case of xboard, ~/.xboard would be an
appropriate location.
My observation, I've not seen relevant documentation, is that in
Windows, the appropriate location would be
%HOMEDRIVE%\%HOMEPATH%\Application Data\Winboard
This allows individual users to save their preferences, impossible with
the existing setup, and for different users of the same computer to have
their own separate settings.
The obvious workaround, to run winboard as an administrator, has the bad
side effect of reducing computer security.
Please, as a matter of urgency, create a new release addressing this
problem.
- [Bug-XBoard] Security concern,
John Summerfield <=