[ On Friday, October 25, 2002 at 19:25:43 (-0500), [EMAIL PROTECTED] wrote: ]
> Subject: Re: Per-modules readers/writers ?
>
> If security is an issue, you want to enforce authentication, since
> no security is perfect and you need to have some sort of audit
> facility. Therefore, you want as reliable a method of authentication
> as possible, and I don't know of anything better than Unix user
> accounts. There's security there, if people use it.
Just to continue on a little further:
Note too that even better auditing (and thus accountability) and access
control can be had by using one those systems which have been enhanced
to be able to meet the "Orange Book" C2-style security classification.
C2 requires mandatory access controls on all filesystem objects and much
more detailed audit trails for all accesses of those objects. Those
kinds of things can never be done at the application level, at least not
on a general-purpose computing platform.
--
Greg A. Woods
+1 416 218-0098; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
