J. Greenlees wrote:
Nick Kew wrote:~snip~Either of those might find a use for it. Running it on a proxy has the advantage of being the first port of call, so long as nothing bad can come from behind the proxy. I guess that's a similar question to authentication at the proxy. The "what are you protecting against" (malicious vs accidental attack) might be relevant too if you have both internal/trusted and external/untrusted users.I'll have to look for the reference articles, but a quick summary of them:Majority of recent corporate security breaches have been insider jobs.disgruntled employees, recently dismissed, or not thinking were the usual causes. I know it was a Gartner and Associates report. [ for whatever the source is worth ]So a best practice for securing is there is no trusted user. makes for a not very usable system though. I could easily see mod_taint giving a more usable system without losing a lot in the security of the system.Jaqui
oops, I was wrong, it was the U.S. Secret Service report. http://www.secretservice.gov/ntac_its.shtml --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|