So, one of the things that I’ve been trying to do for a while is make it easier for users to update MarcEdit. To that end, I introduced an automatic updater that allowed users to be prompted and automatically download new updates for their machines. And with those changes, things were good…well, for me anyway, and for those users that had access to their administrative username’s and passwords. However, with a growing number of colleges and campuses moving to a completely managed environment where users have no administrative access to their machines – this is more of a problem. Since MarcEdit requires administrative access to update itself, users without administrative access are forced to go without or contact their IT to provide the updates – and since I don’t have a formal update schedule, this can be admittedly annoying for IT managers.
So, I’ve been working on a change to the automated updater. Essentially, users will be able to have MarcEdit store the administrative username/domain/password within the application, allowing MarcEdit to run the setup program using elevated permissions.
Ok – so the first question that everyone should ask is – is that really safe. Well, I think so, and here’s why. Internally, MarcEdit will store the entered password using the AES encryption standard. Passwords will be padded and then salted with a 128-bit private key. Passwords will be encrypted and decrypted within a protected memory space. It’s not perfect by any means – but I think that it will be more than sufficient for my needs and the MarcEdit user needs to keep this information protected.
So how will it work? In the MarcEdit preferences, you will see a new option:
If you enter the domain/username/password combination here – the program, on next update, will initiate the installer as part of the administrator group. If you are on Windows XP, the program will simply run, no prompts. If you run on Windows Vista or Windows 7 and have the UAC enabled – you will see the following type of prompt (sorry – couldn’t screen shot it so I photographed it on my phone):
So, users of Vista and Windows 7 machines will still be prompted to allow MarcEdit’s setup process to proceed, but, they will no longer be required to provide a username and password because the program will utilize the information stored within the application.
This change will be made available the next time MarcEdit is updated.