SharkCagey / SharkCage


Combine Configurator and Chooser #83

Open DonatJR opened 6 years ago

DonatJR commented 6 years ago
bencikpeter commented 6 years ago

According to #85, the access rights of the config files are admin only... however, apps on the secure desktop are launched with the logged-on user's security context, therefore if the user is not an administrator of the computer, he would not be able to use the configurator (or chooser)... and if he was an admin, the configurator/chooser would need to prompt a UAC dialogue to run elevated... is that desirable? Isn't that a bit of a design flaw? Wouldn't digital signatures of config files be a better solution? Since we will already have logic to verify signatures to avoid binary spoofing, why not reuse it?

DonatJR commented 6 years ago

@bencikpeter The Chooser is usable by any user, but you are right that the Configurator must be run with admin rights (and it only starts elevated since just after it was created). Having the configurations only be modifiable by admins was Professor Langweg's idea and was decided very early in the (team) project. Because of this, the image token presented to the user is embedded in the configuration and could be read by third-party applications if not secured by the current access rights.

Your idea of using signatures might be worth pursuing if we find an adequate solution for the image token, but I'm afraid it probably has to wait until after the team project has ended (20th of August). We want to have a working project to present and this has too much potential for errors in my opinion. 😅