[pmwiki-devel] [off-topic] Re: ZAP farms: a modest proposal for security
christian.ridderstrom at gmail.com
christian.ridderstrom at gmail.com
Thu May 3 14:46:20 CDT 2007
On Thu, 3 May 2007, Patrick R. Michaud wrote:
> But the problem isn't strictly one of "do all of the pages have edit
> passwords on them", but rather "can you trust everyone who has
> permission to edit somewhere on the site"?
>
> There are some contexts (I come from an educational context), where all
> of the pages are protected from editing by the general public, but we
> give edit authorization to other people such as students or faculty.
That reminds me of what a friend/IT manager at my old university said:
"What's the point of firewalls when the students are already inside..."
Sometimes the trusted, and savvy, are the "problem". I once or twice
abused security in order to install custom libraries for MATLAB on a
machine withot root access. The lesson I learned there was that with
pysical access, security is out through the window...
/Christian
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-devel
mailing list