Date: Tue, 03 Feb 1998 22:20:52 +0000 From: Colman Reilly <careilly@monoid.cs.tcd.ie> To: Richard Wackerbarth <rkw@dataplex.net> Cc: config@FreeBSD.ORG Subject: Re: WebAdmin Message-ID: <199802032220.WAA16835@monoid.cs.tcd.ie> In-Reply-To: Message from Richard Wackerbarth dated today at 10:45.
next in thread | raw e-mail | index | archive | help
At 9:42 AM -0600 2/3/98, Colman Reilly wrote: > the databases useable and stable. >Sure. Now remember we have to assume that people will be attempting to >exploit the admin system as a security hole. We can't trust any state com ing >from a HTTP connection. >Look at Mike Smiths juliet stuff. Look at my thoughts on Portia/security >stuff. My only objection to his design is that it is a little too specific. I think that ALL the "back end" modules should appear monolithic and recursively defined. For example, although the password file is organized as a list of records each having fixed entries, it can be modeled as a two level tree. The top level entries are tagged by the <user> name. Within each of those nodes there are entries tagged by <uid>, <gid>, <Full User Name>, <shell>, etc. That's an objection to his implementation, not his design. It depends on the maturity of the sub-system really. For password I agree, but for some faster moving targets the more "black-box" approach might be better. In an ideal world you're right. >Look at the mail archives on this topic. Which archives? I cannot find one for "config". Most of the stuff has actually been discussed on hackers as far as I can see. :-) >I'd really like to see people cooperating on this with a well thought out >structure rather than see three sets of people head out into space. Me, too. But doesn't that break the "FreeBSD model" of "implement before you discuss the design?" :-) Oh. I'm sorry. I'm doing research in formal methods and mathematical modeling of software. I get carried away with this design business occasionally. Colman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802032220.WAA16835>