On Fri, Apr 15, 2011 at 12:28 AM, Suvayu Ali <fatkasuvayu+linux@xxxxxxxxx> wrote: > Hi Joel, > > On Thu, 14 Apr 2011 22:03:00 +0900 > Joel Rees <joel.rees@xxxxxxxxx> wrote: > >> >> Does that explain why I'm saying you don't want Flash loading every >> >> time you run your web browser as any user? >> >> >> > >> > How does this change when flash is installed as the regular user? >> >> From what I said about not using su or sudo when logged in to an >> account you surf the web from, you understand that I mean that the >> user does not even use su or sudo to do the final step of copying >> flash where it goes? > > I think I follow where we were differing. I didn't realise you also > meant no "administration related tasks" are done from the regular > account in question. Of course in that case it is definitely safer. Exactly. > So your objection is definitely a valid point but it is not specific to > flash. Its a general principle of not exposing your administrative > password to user accounts that might have been infected by the outside > world. The principle is general, sure, but the application to Flash is specific -- that the plugin should go in the .mozilla/plugins folder of each user that uses it, and nowhere else. It's not as good as having a separate box for the bank, but separate accounts are not as bad as using the same account for posting to (say) Digg or slashdot and for logging in to the bank. Leaving Flash out of the account you log into the bank with strengthens the walls against the un-foreseen accidents. Likewise, if you don't have Flash loaded in the account you usually use to do admin tasks, you have a little more breathing room when you're checking the docs while you tweak the system, without using a separate computer. > Am I understanding this correctly? I guess we often make choices > between convenience over security. It usually depends on the context > and the administrator of the system whether it is an acceptable choice. True. It's a little inconvenient. In fact, if you have 138 users on the company network, and you have to set up multiple accounts for each one, installing and updating Flash and other brick-brack on some accounts and not on others, maybe you have to decide between writing a script to handle the install across the LAN and just installing/updating one global location. For personal and family machines, however, I prefer the local install, since the kids insist on having it. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
