[pmwiki-devel] [off-topic] Re: ZAP farms: a modest proposal for security

christian.ridderstrom at gmail.com christian.ridderstrom at gmail.com
Thu May 3 14:46:20 CDT 2007


On Thu, 3 May 2007, Patrick R. Michaud wrote:

> But the problem isn't strictly one of "do all of the pages have edit
> passwords on them", but rather "can you trust everyone who has
> permission to edit somewhere on the site"?
>
> There are some contexts (I come from an educational context), where all 
> of the pages are protected from editing by the general public, but we 
> give edit authorization to other people such as students or faculty.

That reminds me of what a friend/IT manager at my old university said: 
"What's the point of firewalls when the students are already inside..."

Sometimes the trusted, and savvy, are the "problem". I once or twice 
abused security in order to install custom libraries for MATLAB on a 
machine withot root access. The lesson I learned there was that with 
pysical access, security is out through the window...

/Christian

-- 
Christian Ridderström, +46-8-768 39 44               http://www.md.kth.se/~chr


More information about the pmwiki-devel mailing list