... from MS-DOS) to a UNIX ... Setting everything 777
sad, but very believable.
the opposite sort of silly things also happens ...
e.g. mysql (for win32) requiring its my.ini to be in either c:\ (yes, root) or
%windir% how brain dead is that? and the php docs (for win32) say to
stick all the .
My company outsourced a C to Java porting project to India, and we ended
up having to help them salvage the project. It was obvious that the
engineers were inexperienced. All user data (including authentication
credentials) was stored in an application directory, completely
world-writable.
When I
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bill Cheswick
> Sent: Thursday, March 11, 2004 2:04 PM
>
> User client-level applications should come with recommended
> sandbox.conf
> files that will contain them appropriately. There's already
>
IL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Behalf Of Bill Cheswick
> Sent: Thursday, March 11, 2004 3:04 PM
> To: [EMAIL PROTECTED]
> Subject: [SC-L] Re: Java sandboxing not used much
>
>
> > Complex security systems are often completely ignored.
>
> This is def
> Complex security systems are often completely ignored.
This is definitely a problem with more-involved security systems.
At one point I obtained a system that had obtained B1 certification
to implement a firewall. The firewall worked fine, but I never
got the hang of the system administrat
Jared W. Robinson wrote:
Complex security systems are often completely ignored.
I agree, but I wouldn't stop there...
The simplicity of the traditional UNIX permission model means that it is
more likely to be used than abused.
Well, I've seen at least one pretty spectacular exception to this. An
> I'd go further - I think it is extremely rare that anyone configures their
> sandbox properly. I "do" Java development, and I would guess that less than
> 10% of application server deployments are done with the Java security
> manager enabled.
Complex security systems are often completely ignored