@ijustlovemath wrote:
The post is not about the security concern of users tampering with registry settings; the app currently runs with read and write permissions to a single directory, the lowest possible level of access.
The concern is with NI MAX (which can be ran as a standard user, try it), in which a user can rename existing aliases with the app none the wiser.
As a proof of concept, try this:
1. Setup a serial device that writes to a port continuously, name this device "TestDeviceA" in MAX
2. Setup a second serial device that does the same, name this device "TestDeviceB" in MAX. Make sure they are writing different data.
3. Write a simple VI with two loops that reads from "TestDeviceA" in one loop, and "TestDeviceB" in another loop, outputting to a string (concatenating old to new with a feedback node or similar)
4. Run this VI.
5. While the VI is running, open NI MAX, rename "TestDeviceB" to "TestDeviceA." MAX will warn you about the existing alias, but will allow you to make the change.
6. TestDeviceA will now be named "TestDeviceA-1", and its loop will now be reading from TestDeviceB. TestDeviceB's loop will fail to read anything.
7. Rename "TestDeviceA-1" to "TestDeviceB" and the loops will have completely switched.
Perhaps that makes the original concern a bit more clear.
The System Hardware API is all you need then...although, I have never found a user that wants you to fail so badley that they will intentionally destroy your hardware configuration.
Just because you are paranoid does not mean no one is out to get you! (it is....unusual)
"Should be" isn't "Is" -Jay
