Chapter 24. UAC Security
The previous chapters have dealt with general Visual Basic programming tasks. They show how to write the Visual Basic code needed to build an application.
This chapter discusses User Account Control (UAC) security issues. UAC is a system implemented by recent versions of Windows operating systems that allows programs to elevate their privileges only when they absolutely must.
In earlier operating systems that don't have UAC, users often logged in with administrator privileges to perform fairly routine tasks because the programs they used might need administrator privileges. Now, with UAC, users can run with normal user privileges and only elevate their privileges to perform the specific tasks that need them.
UAC OVERVIEW
In general, a program cannot perform actions that require privileges that the user doesn't have. If the user doesn't have permission to delete files in the Windows directory, a program that the user can run should not be able to delete those files either. Otherwise, the user could perform actions that are supposed to be prohibited.
Developers have long known that an application should require the fewest privileges possible to get its job done. If a program needs a lot of privileges, only the users who have those privileges can use it.
Unfortunately, many applications occasionally perform some fairly powerful operations. They may sometimes need to create or delete a file in the Windows directory, access system-related parts of the Registry, or ...
Get Visual Basic® 2010 Programmer's Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
