On Mon, 07 Feb 2011 17:29:23 -0500 Jeffrey Altman <[email protected]> wrote:
> If the goal is to permit anonymous submission of homework for example, > this model is simply not safe under any circumstances. That is why I > proposed a configuration option to disable the use of 'i'nsert with > anonymous. Answering Andrew, Mike Meffie's change (gerrit/217) is > different. I haven't seen any explanation as to how. It is a generalized mechanism for restricting what rights an anonymous client can have. Unless you mean only affecting anonymous rights in special cases? (like the dropbox case) > I do not believe we are at a point where making such a change is > acceptable. I think the best we can do in the short term is a > combination of: > > * Derrick's proposal (gerrit/3901) > > * Providing an option to disable 'i'nsert for anonymous client > > * Improving our documentation to make it clear that system:anyuser "li" > and anonymous users are not a secure mix. And I must reiterate that I think an additional note of the possible failure scenario is required. Some sites will skip over security warnings due to the closed nature of the site or for other reasons, but "cannot/may not work in certain edge cases" will actually register. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
