Re: Avoiding Pre-Auth/Auth Principal State Disclosure

2020-07-02 Thread Greg Hudson
On 7/1/20 3:55 PM, Chris Hecker wrote:
>> For example, if we treated single-component principals as users,
> anyone with a user/admin principal (or user/root, which has no status in
> the code but is a common convention for elevated access) would probably
> still be detectable by an attacker.

Re: Avoiding Pre-Auth/Auth Principal State Disclosure

2020-07-02 Thread Chris Hecker
Wow, thanks for taking the time for the detailed response! I will digest this and see if I still have questions.

Chris

On Thu, Jul 2, 2020 at 10:45 Greg Hudson wrote:
> On 7/1/20 3:55 PM, Chris Hecker wrote:
> >> For example, if we treated single-component principals as users,
> > anyone with