
Dareth Astrar
Astrar Logistics and Engineering
Posted - 2012.03.22 16:53:00 -
Security: Client can no longer be run in Least User Access mode. The patcher insists on needing administrative rights, and therefore launches the client in an account with administrative rights. This is very insecure, especially considering the embedded web browser, and breaks Microsoft's guidelines on ensuring running programs could be operated in LUA mode. Any weakness found in the embedded browser then becomes a fully and wholly executed exploit that will immediately gain the rights of the running process, in this case Administrative rights. This is just plain old silly folks! Sit and think with your security cap on please.
Previously, this was achieved as the patcher requested credentials to run a patch, and could then be shut down afterwards to ensure the client was once again launched in the user account with lower permissions. However, now the patcher just throws an exception if you try to run it in a normal user account (for obvious reasons, as it seems this hasn't been given much thought):
Here is an example of the exception message displayed to the user:
Traceback (most recent call last):
  File "launcher.py", line 42, in [module]
  File "lib\initialization.pyc", line 112, in StartLauncher
  File "lib\initialization.pyc", line 51, in EnsureDirectoryIsWritable
  File "lib\launcher_helper.pyc", line 17, in ExecuteElevated
WindowsError: [Error -2147483645] One or more arguments are invalid
Locals by frame, innermost last:
Frame [module] in launcher.py at line 54:
  NoInternetError = [THE REST REMOVED AS THE POST OF THIS MESSAGE THINKS IT'S HTML TAGS]
Obviously, the first thought is that you want the launcher to patch the game files, which may require administrative rights; however, this launcher should execute another application in the background to perform the actual update to the files. This other application's launch can prompt for the rights required IF there actually are changes to be made, and then on completion of the process, would exit. This would mean the launcher, and therefore subsequent clients launched, will be running in the correctly constrained rights environment, without further risking system security.
Please bear this request for improvement to the chosen launcher model in mind, as it's vitally important in the current age of mostly browser exploited viruses, in which your game would just act like a launch platform and infect your customers' systems. This isn't what you are wanting, nor I, I'm sure.
Kind regards,
Dareth :)
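Added example, not part of the original post and not the launcher's actual code: a sketch of the split the post asks for, in which an unelevated launcher decides whether a separate updater process needs elevation at all and always starts the client with user rights. All function names, file names and the manifest format are hypothetical; the elevated start itself (on Windows, ShellExecute with the "runas" verb) is left outside the example.

```python
import hashlib
import os
import tempfile

def files_needing_update(install_dir, manifest):
    """Return relative paths whose on-disk SHA-256 differs from the manifest."""
    stale = []
    for rel_path, expected in sorted(manifest.items()):
        try:
            with open(os.path.join(install_dir, rel_path), "rb") as fh:
                actual = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            actual = None  # a missing or unreadable file counts as stale
        if actual != expected:
            stale.append(rel_path)
    return stale

def directory_is_writable(install_dir):
    """Probe with a real temp file so the answer reflects the current rights."""
    try:
        with tempfile.TemporaryFile(dir=install_dir):
            return True
    except OSError:
        return False

def plan_launch(install_dir, manifest, writable=None):
    """Return the ordered (program, rights) steps without executing them."""
    stale = files_needing_update(install_dir, manifest)
    if writable is None:
        writable = directory_is_writable(install_dir)
    steps = []
    if stale:
        # Only the short-lived updater may prompt for elevation, and only
        # when there is something to patch and the user cannot write it.
        steps.append(("updater", "user" if writable else "elevated"))
    # The client, with its embedded browser, never inherits admin rights.
    steps.append(("client", "user"))
    return steps

if __name__ == "__main__":
    # Constructed sample: one installed file and a manifest expecting a new build.
    demo_dir = tempfile.mkdtemp()
    with open(os.path.join(demo_dir, "client.bin"), "wb") as fh:
        fh.write(b"build-1")
    new_manifest = {"client.bin": hashlib.sha256(b"build-2").hexdigest()}
    print(plan_launch(demo_dir, new_manifest, writable=False))
```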