Nick Kew wrote:
~snip~
Either of those might find a use for it. Running it on a proxy
has the advantage of being the first port of call, so long
as nothing bad can come from behind the proxy. I guess
that's a similar question to authentication at the proxy.
The "what are you protecting against" (malicious vs
accidental attack) might be relevant too if you have
both internal/trusted and external/untrusted users.
I'll have to look for the reference articles, but a quick summary of them:
Majority of recent corporate security breaches have been insider jobs.
disgruntled employees, recently dismissed, or not thinking were the
usual causes.
I know it was a Gartner and Associates report. [ for whatever the source
is worth ]
So a best practice for securing is there is no trusted user. makes for a
not very usable system though.
I could easily see mod_taint giving a more usable system without losing
a lot in the security of the system.
Jaqui
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
