But doesn't that mean that the user is validated is only validated locally, then? So a malicious user could validate a user on his own machine and gain level 5 trust on any other machine?
/jan Sharon Lucas wrote: > In regards to user level trust, you are right that submitting a CREATE > HANDLE NAME request to the HANDLE service requires trust level 5. However, > there's an important note in the STAF User's Guide, section "8.5.2 > CREATE", sub-section "Security", that says: > Note: This command is only valid if submitted to the local machine, not to > remote machines. > > So, since you can only create a STAF handle on your local machine (e.g. > STAF local HANDLE CREATE HANDLE NAME ...), and since the local machine > always has trust level 5 to itself, this isn't an issue. Then you can use > this handle to submit STAF service requests (like a PROCESS START request) > to other machines. > ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users
