[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Per-modules readers/writers ?

From: Greg A. Woods
Subject: Re: Per-modules readers/writers ?
Date: Fri, 25 Oct 2002 21:20:52 -0400 (EDT)

[ On Friday, October 25, 2002 at 19:25:43 (-0500), address@hidden wrote: ]
> Subject: Re: Per-modules readers/writers ?
> If security is an issue, you want to enforce authentication, since
> no security is perfect and you need to have some sort of audit
> facility.  Therefore, you want as reliable a method of authentication
> as possible, and I don't know of anything better than Unix user
> accounts.  There's security there, if people use it.

Just to continue on a little further:

Note too that even better auditing (and thus accountability) and access
control can be had by using one those systems which have been enhanced
to be able to meet the "Orange Book" C2-style security classification.
C2 requires mandatory access controls on all filesystem objects and much
more detailed audit trails for all accesses of those objects.  Those
kinds of things can never be done at the application level, at least not
on a general-purpose computing platform.

                                                                Greg A. Woods

+1 416 218-0098;            <address@hidden>;           <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]