9fans - fans of the OS Plan 9 from Bell Labs
From: presotto@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] secstore
Date: Wed, 15 May 2002 08:33:41 -0400
Message-ID: <32d3c05b625f12fdd78d72e5fbcc698f@plan9.bell-labs.com>

To answer lucio, it's not a matter of obscurity.  You
just don't want the files on a shared file server.  If
it gets backed up, then a mistake of permissions on the file
can last forever in the dump and not be noticed except by
attackers.

Whether or not you let others cpu or rx to the machine which is
the auth server is a separable question.

This still leaves the auth server open to trojan horses and
the like.  I'd be happier with a standalone auth server that
no one can log onto except for a select few.  There are fewer
mistakes you can make that compromise security.  Of course,
we don't even do that.  Our auth server is also our console
server so that everyone that needs console access logs on.

