Improve secure mode and secure screens documentation #13501
| This is because it is a security concern to log during secure mode (e.g. passwords are logged). | ||
| To change this for testing, patch the source build. | ||
| `nvda.log` files are then generated in the System profile's `%TEMP%` directory. | ||
| This is because it is a security concern to log during secure mode (e.g. passwords are logged on secure screens). |
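Review bot: In the reworded sentence, the parenthetical "e.g. passwords are logged on secure screens" can be read as saying that NVDA currently logs passwords on secure screens, which is the opposite of the point being made, namely that logging is disabled in secure mode. Consider stating it as a consequence, for example "e.g. passwords typed on secure screens would otherwise be written to the log".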
There was a problem hiding this comment.
Is there a definition for 'secure screens' in this doc? There should be, and we should link to it.
There was a problem hiding this comment.
While at it, could the difference between secure mode and secure screens be documented (if not already)? I have not checked in the docs nor in the code but I think that:
- NVDA runs in secure mode when executed on secure screens (unless the debug service reg key is enabled)
- NVDA can be run in secure mode in any situation providing the `-s` flag when started; except for easier testing of secure mode, I do not know what is the use case for this flag however.
There was a problem hiding this comment.
@CyrilleB79 As you mention, easier testing is one.
Other use-cases are:
- Locked down environments, perhaps sensitive corporate systems.
- It gets used during standardized testing.
There was a problem hiding this comment.
> Other use-cases are:
> * Locked down environments, perhaps sensitive corporate systems.
Actually, that's my concern. Could a command line flag really guarantee such security? This would mean that on such locked environments, the following actions would be forbidden in order to avoid that anyone executes NVDA without the -s flag:
- Open Windows Explorer and click on nvda.exe
- Open a console (e.g. cmd or PowerShell)
- Run "nvda.exe" from other locations such as Windows+R dialog, Explorer address bar, task manager, etc.
- etc.
For reference, see the discussion in #10018. The final recommendation in this discussion goes to adding a new system-wide registry key for such usage.
There was a problem hiding this comment.
> Is there a definition for 'secure screens' in this doc? There should be, and we should link to it.
As secure screens and secure mode are referenced regularly in the user guide, without clear definition, I'm going to create the definitions there and reference them from the technicalDesignOverview.
I'm going to add to the technicalDesignOverview a reference to MS Docs on UAC.
I haven't been able to find any MS definitions on secure screens.
There was a problem hiding this comment.
@CyrilleB79 That seems like a valid concern, however it's a separate issue from documenting the 'intent' and how the command line args are currently used for the benefit of developers.
c8f5fdf to 216ebf2
0dbbe13 to 428154a
Qchristensen left a comment
There was a problem hiding this comment.
Reads well and will hopefully reduce any possible confusion, great work!
Link to issue number:
None
Summary of the issue:
As raised in comments on #13488, the technical design overview could be clarified to be more clear and add more information.
Using the serviceDebug parameter to prevent secure mode on secure screens is a more universal solution than patching source code.
Users have been unclear on what secure mode and secure screens are when reading about recent security fixes.
Description of how this pull request fixes the issue:
Improves the documentation based on the discussion on #13488.
Adds definitions of secure mode and secure screens to the user guide.
Testing strategy:
None
Known issues with pull request:
This is developer centric documentation and as such didn't need to be added to the 2021.3.4 patch release or 2022.1 beta.
Change log entries:
None
Code Review Checklist: