Why shouldn't I trust my own application?

Michael Rodriguez

I attended a Microsoft seminar yesterday on ClickOnce technology. The
presenter urged us to restrict our smart client applications to the minimum
security settings possible and gradually increase the security as needed.
My question is: Why?

I could understand if this was an application that was going to be
downloaded by J.Q. Public and during the download they were going to be
informed of the permissions my app would require. Then the user could
decide whether or not to "risk" downloading and running my application.
That would make sense. However, in our case, we're building an application
for sale. Once our customer has bought our product, they implicitly trust
us to run on their machines. In that scenario, why would I limit the
security settings? This only introduces the possibility of exceptions being
thrown with no apparent upside.

Am I missing something here?

TIA,

Mike Rodriguez
 
Michael Rodriguez said:
building an application for sale. Once our customer has bought our
product, they implicitly trust us to run on their machines. In that
scenario, why would I limit the security settings? This only
introduces the possibility of exceptions being thrown with no apparent
upside.

Am I missing something here?

Yes, hackers.


--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Empower ASP.NET with IntraWeb
http://www.atozed.com/IntraWeb/
 
Mike,

Don't take this the wrong way, but it is hubris to assume that you
should be given full trust for your application just because you are
building an application for sale. If anything, even if I am paying for a
program, I still want to know that on ^my^ machine, the software isn't going
to be able to do anything that I don't want it to do. In the end, you can't
possibly know all of the things that every user is going to want to do or
prevent from happening on their machine (as the result of your software
running or not), so asking for full trust is asking for quite a bit.

In the end, full trust is a bad thing, and should only be used in
exceptional cases. Most software (and most likely yours as well) does not
fall in this category.

Also, in the end, as the developer, you should know what is required for
your application on the security side (instead of just a blanket assumption
of full trust). It goes a long way to establishing trust with those that
are going to use your software.

Hope this helps.
 
: [...]
: Am I missing something here?

Do you log in as Administrator all the time? If you can trust
your own application, you can trust *yourself*, right?

Greg
 