zlacker

[return to "Win32 App Isolation"]
1. no_tim+X7[view] [source] 2023-05-24 16:29:41
>>pjmlp+(OP)
This is objectively great news.

As long as it's function is to keep the program locked in, and not the user locked out from modifying it...

◧◩
2. pwg+Df[view] [source] 2023-05-24 16:59:34
>>no_tim+X7
Indeed, but sadly, features designed to "keep the program locked in" can also often be miss-used to "keep thee user locked out". Only time will tell where this one goes.
◧◩◪
3. iggldi+m51[view] [source] 2023-05-24 21:34:23
>>pwg+Df
And all the file sandboxing approaches I've seen so far only seem to cater for the simple "choose a single file (or directory)" workflow and break multi-file formats, any customised UX around file I/O and any other advanced workflows.

To some extent that's just laziness, because who cares for the long tail of workflows, right, and to some extent unfortunately it's a fundamental trade-off of sandboxing (the OS can't know the details of each and every file format and which files are related and need to be opened together even if the user only launched one file, the application developer does know, but is the untrusted party; being able to paste a file path directly into a GUI respectively directly edit it there can be comfortable, but it bypasses the official secure OS file picker, so again a no-go, etc. etc.).

[go to top]