I haven’t been blogging for a while, but some posts reminded to me that I have my own blog.
Lately, I’ve seen the blog post “Zero Touch” or “HREF to EXE” apps broken by FX 2.0" and there a link to the coresponding product feedback here.
When reading, my first thought was: “it really sucks badly”. I think mostly my first impressions were caused by the fact that I was showing the ability to launch exe’s from a web page, which is totally nice.
But the last post and feedback site caused me thinking. I remembered the discussion with one student that was kind of “afraid” to see that programs from internet are launched without any question or warning.
Though, in general it is pretty secure, as security is managed by .Net framework, CAS policies, but still - people are not familiar with that, they do not trust (which is somewhat good) and most of them are used to … “Open/Save/Cancel” dialog.
So, on one side it is good to have single behavior, rather than one type of behavior in trusted zone and another - in internet. On another side we have users that are somewhat stagnated, afraid of unknown.
There is one additional thing. When you launch an exe from href (which can be internet/intranet), then permission set will be stricter (Internet permission set) than in the case if you download it and put on a hard disk (FullTrust).
My only thought in this case: what is important here?
In my oppinion, it is important to have secure, consistant and user friendly system of applications that are running on the net. With “user friendly” I do not mean the addiction to the past.
What is my vote? I don’t know. In general - I’m good with both ways.