On Mon, 28 Dec 1998, Bennett Todd wrote:
> 1998-12-28-14:51:16 Paul D. Robertson:
> > [...] the CGI data *isn't* the most valuable data on the machine, [...]
>
> If the data that the CGI manipulates isn't the most valuable data on the
> machine, then perhaps a better job could be done of partitioning the problem
> over multiple servers? And when multiple servers isn't affordable, then
A single-cgi Web server seems of little use to me in the grand scheme of
things.
> perhaps a trusted OS would be a cheaper hack to try and achieve comparable
> partitioning, though I wouldn't be nearly as inclined to trust such an
> implementation....
>
> > [...] the administrator's access is, everything scales down from there. [...]
>
> Now this comment I purely don't understand. The administrator's access is of
> very little value, and what value it gets is only a reflection of the
> administrator's role in helping to maintain access to the application data.
> _Privilege_ cascades as you describe, but not the value of the data.
With the administrator-level access, you can modify anything on
an untrusted OS. Therefore, the data that is administrative access is
the most valuable. For instance, the ability to su because you can gain
access to an administrative password. That's where trusted path and TNI
have a large ammount of value (as do things like SSH.)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
