|
> the ftp exit does raise the security level to a certain degree I disagree with this statement -- with or without cannonicalization problems. Exit point programs allow you more flexibility in how/when/who might access something, but that is not the same as saying that they provide additional security. The security comes from your access control, and the flexibility comes from the exit point. Access control can protect you against any failings of an exit point program. But exit point programs cannot protect you against failings of your access control model. And even if you your exit point program works for FTP, what about those interfaces that don't have exit points? What about the new exit point for the new interface we (hypothetically) add in the next release? Your FTP exit point isn't going to protect from that. How long after you install the next release do you finally realize that the interface is there and you have to write another exit point program? It's unfortunate that you have to explicitly control access to those things you value most -- wishing it weren't true doesn't make it any different. The same is true for any multi-user system that is accessed over a network. Patrick Botz
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
