I have designed a POSIX user/group scheme for separating privileges for a web forum between login/password management, uploads, downloads/normal web access, one or more configuration administrators, and system-level updates. It works, and completely stops e.g. script drops/bombs.
Awww, poor Bobby Tables. He'll probably have a real rough time registering on that forum.
No, because input sanitizing is a completely separate issue. (And one that PHP's "magic quotes" just made a lot worse, because it only made it easier for poor developers to create something that appeared to work, but could still be exploited. You can write pretty secure PHP code; there are just a number of configuration settings and tunables that can make that code fail or become easily exploitable.)
Me, I've never had any issues with that, because I started my wet web work by making sure stuff like Ö and å were handled correctly by my server-side stuff, in the mid-to-late nineties. My code would treat his full name, Robert'); DROP TABLE Students; --, as an opaque sequence of Unicode glyphs, and never try to parse any of it.
(Which reminds me: If you want to sort people alphabetically, you better use separate fields for their first names, last names, full names, and nickname. Yes, it is repetitive, but any way to automagically split it will fail, at least for some people. We humans are fun-ky!)
Privilege separation works on a much lower level. (I do believe the same scheme would work just fine in e.g. Windows, too, I just haven't verified it.)
It moves the majority of exploitable security checks and lack of checking from the code to the OS/kernel.
Essentially, the web server (typically Apache or Nginx nowadays) handles the protocol (HTTP over TLS), and forwards each request to a worker process based on the URL. Obviously, not every worker needs the same privileges, yet that is how they currently work; they all run with administrator privileges. I've happened to work on servers for a number of different organizations, from small companies to universities, and worked out the worker privilege hierarchy that things like discussion forums need in practice. It is just software engineering, with a lot of data and practical experience backing up the design. I've also done things like design the user/group hierarchy for the human users modifying the content on the server, when you have a lot of sub-projects and partially overlapping privileges. It's kinda like solving burr puzzles, really. However, I do not know all the features the people running the forums need, the interfaces needed for effective moderation and so on, so I cannot build a web forum on my own. I can do the underlying engine, but I'd need help from other people to build the user/moderator interfaces and so on.
Apologies for getting off topic. UAC wasn't part of the first few versions of Windows, but definitely is part of Windows 7 and 10. I wonder if there are still OS folks at Microsoft who do not see UAC the way I do, and just feel it is a necessary obstacle to be worked around? Many current Windows applications seem to be designed to be self-upgrading, which does open the exact same security issues it does for web forums... I dunno.
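The "opaque sequence of glyphs" point from the exchange above, as an added worked example (not code from anyone in the thread). It assumes Python's built-in sqlite3 module with an in-memory database and a Students table named after the payload; the sample names, including Ö and å characters, are constructed here. The concatenating version is the classic mistake shown only to contrast it with the parameterized version, where the driver sends the name as a bound value and never parses it as SQL.

```python
import sqlite3

# Constructed sample registrations: the Bobby Tables name quoted in the
# thread, plus names with non-ASCII letters that must survive untouched.
SAMPLE_NAMES = [
    "Robert'); DROP TABLE Students; --",
    "Örjan Ångström",
    "Ada Lovelace",
]


def make_db():
    """Fresh in-memory database with the table the payload targets."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Students (id INTEGER PRIMARY KEY, full_name TEXT NOT NULL)"
    )
    return conn


def register_concatenated(conn, full_name):
    """Vulnerable: the name is spliced into the SQL text, so the database
    parses it.  executescript() accepts several statements, as many
    real-world drivers do, which is what lets the DROP run."""
    sql = "INSERT INTO Students (full_name) VALUES ('" + full_name + "')"
    conn.executescript(sql)


def register_parameterized(conn, full_name):
    """Safe: the statement is fixed and the name travels as a bound value.
    Quotes, semicolons and Unicode are stored verbatim, never interpreted."""
    conn.execute("INSERT INTO Students (full_name) VALUES (?)", (full_name,))
    conn.commit()


def stored_names(conn):
    """Names as sqlite returns them with the default BINARY collation,
    i.e. ordered by UTF-8 bytes, not by any human alphabet."""
    rows = conn.execute("SELECT full_name FROM Students ORDER BY full_name")
    return [row[0] for row in rows]


def demo(vulnerable):
    """Register every sample name one way or the other and report whether
    the table survived and what it contains afterwards."""
    conn = make_db()
    outcome = {"table_survived": True, "names": []}
    for name in SAMPLE_NAMES:
        try:
            if vulnerable:
                register_concatenated(conn, name)
            else:
                register_parameterized(conn, name)
        except sqlite3.Error:
            # Once the table is gone, later inserts fail; keep going so the
            # final state can be inspected.
            pass
    try:
        outcome["names"] = stored_names(conn)
    except sqlite3.OperationalError:
        outcome["table_survived"] = False
    return outcome


if __name__ == "__main__":
    print("concatenated :", demo(vulnerable=True))
    print("parameterized:", demo(vulnerable=False))
```

With the parameterized path all three names come back intact, Bobby's included. Note the order they come back in: sqlite's byte-wise default collation puts "Örjan" after "Robert", which is exactly why the thread recommends separate, explicitly maintained fields for sorting people rather than trusting anything that tries to split or compare the full name automatically.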