On 2013-09-11 15:20, Ralf Corsepius wrote:
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why, whereas only the
firewall can guarantee that it actually opens the ports requested by
user instead of something else.
So the application needs to ask the firewall to open one or more
ports and
the firewall has to ask the user for permission to do so. In this
szenario
the firewall knows what application wants which port(s) to be open.
Letting
the application directly ask for permission to punch holes in the
firewall
is IMHO the worst case of all and a securiry nightmare.
Asking my wife if she intends to open port 2345 is a waste of time.
She has
no idea whether or not this is required. And will quickly learn to
answer ok.
Asking her "Do you want to make security changes to share directory
/home/phyllis/Share?" Or
Do you want to make security changes to share Printer XYZ?
Would make sense.
My marriage would be facing serious troubles, if my wife opens any
port on our shared machines ;)
Seriously, I think you guys are forgetting Linux isn't a
Single-User-Single-Seat OSes.
Ralf
Well, it is. Also. And hat's really the core here. It's so damned
different in these two cases.
--alec
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct