On Tue, 04 Aug 2009 12:27:48 EDT, Eric Paris said:
> On Tue, 2009-08-04 at 17:09 +0100, Tvrtko Ursulin wrote:
> > Would it make more sense to deny on timeouts and then evict? I am thinking it
> > would be more secure with no significant drawbacks. Also for usages like HSM
> > allowing it without data being in place might present wrong content to the
> > user.
>
> I'd be willing to go that route as long as no one else complains.

Yes, in my world, "deny on timeout and evict" is the better design decision.
For an HSM, you'd rather have a quick-and-ugly death on a failed file open than
an app accidentally reading the HSM's stub data thinking it's the original data.