> Stephen D. Williams mumbled something vague about:
...
> > Can't this be solved by the more or less standard 'secret' structure:
>
> [standard secret structure snipped =) ]
>
> > Does anyone have solid problems with this or a better method?
>
> I do, if only on the grounds that STO is a bad plan, for anything.
STO... Hmm, don't match that tonight: definition?
Do you have an alternative?
> My basic philosophy towards security is that you have to assume at all times
> that someone wants very badly anything that you want to protect. I'll admit
> that I wasn't such a hardliner at one point, but I've learned a few lessons,
> and my experiences with low-level network programming make me very
> untrusting of the network in general.
> I really don't want to start up the STO debate again, but that's where I
> sit.
I'm not trusting the network more than I would have to for normal uids/passwords,
am I? As far as accountability, I'm losing since a user can give out
the secret file/directory name with probably less trepidation than an account.
However as far as access, it is still protected by a 'password'. A one/two time
one at that.
If you don't use fully encrypted sessions you are trusting the network quite
a bit in any case.
> Mike
sdw
--
Stephen D. Williams 25Feb1965 VW,OH sdw @ lig . net http://www.lig.net/sdw
Senior Consultant 513-865-9599 FAX/LIG 513.496.5223 OH Page BA Aug94-Feb95
OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95