On Wed, 23 Dec 1998, Ming Lu wrote:
> Trusted OS costs much more than regular OS. Trusted solaris give you B-2
Trusted OS' are much more difficult to write than regular OS'.
> level of OS security, but if you cann't secure your content of web site,
> it does nothing for you.
Securing the content is the goal and would be the reason for using a
trusted OS, wouldn't it?
> Never let people telnet to your web server; use secured ftp server so
> users can update their contents but cann't get in your server. of cause,
> it won't prevent people hack web pages (usually done via bad cgi-bin
> script), but this will protect your web server.
Is there a particular reason you'd allow a CGI permissions to write to
anything associated with the Web server content? I can't for the life of
me think of a reason that any external input wouldn't be running at its
own permission level without anything higher than read access to existing
data, and without execute access to anything other than itself and any
associated interpreter (I'd probably go for staticly linked compiled code
myself, but worst-case I still can't see how you'd not be able to protect
everything with a trusted server.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
