On 28.11.12 15:50, Fabian Christ wrote:
> Are you seriously trying to take part in this discussion with such a
> statement?

Well I spent several years of my life earning money with discovering bad security practices in big company networks (which paid for that for sure) so you kind of hit the bottom with your "If people want security they have to do something for it" statement. I had to take care of compromised systems in University networks where people didn't care about doing more than the default because they didn't want to read any documentation. Most of the time owning a company network starts with owning a small system no one considered as important enough to "do something for security". If we meet at another workshop I can tell you some nice stories about that.

So I am for enabling it because:

- it forces all (code) contributors to think of it from day one, if they never enable it they most probably don't care as long as they don't have a need for it. So the enhancers/modules will not work properly in security mode
- which is related to the reason why Reto adds it: In professional environments we need multi-tenancy, for having more than one tenant you need some kind of security. Which brings us back to point 1: if it's not enabled by default programmers might just ignore that because it's some extra work for them and thus the module is not properly supporting multi-tenancy
- I use lots of frameworks and while I agree that many do not enable it I think it's the wrong way to go because you *should* think of that from day one, even if it just means "Welcome to Stanbol, please enter a (non-trivial) default password for administration to continue".

Little example: I use Fuseki in my setup and I have a really bad feeling about it because I couldn't find anything about securing it so far.

cu

Adrian
