Nick Kew wrote:
~snip~
Either of those might find a use for it. Running it on a proxy has the advantage of being the first port of call, so long as nothing bad can come from behind the proxy. I guess that's a similar question to authentication at the proxy. The "what are you protecting against" (malicious vs accidental attack) might be relevant too if you have both internal/trusted and external/untrusted users.
I'll have to look for the reference articles, but a quick summary of them: Majority of recent corporate security breaches have been insider jobs.disgruntled employees, recently dismissed, or not thinking were the usual causes. I know it was a Gartner and Associates report. [ for whatever the source is worth ]
So a best practice for securing is there is no trusted user. makes for a not very usable system though. I could easily see mod_taint giving a more usable system without losing a lot in the security of the system.
Jaqui --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|