J. Greenlees wrote:
Nick Kew wrote:
~snip~
Either of those might find a use for it. Running it on a proxy
has the advantage of being the first port of call, so long
as nothing bad can come from behind the proxy. I guess
that's a similar question to authentication at the proxy.
The "what are you protecting against" (malicious vs
accidental attack) might be relevant too if you have
both internal/trusted and external/untrusted users.
I'll have to look for the reference articles, but a quick summary of
them:
Majority of recent corporate security breaches have been insider jobs.
disgruntled employees, recently dismissed, or not thinking were the
usual causes.
I know it was a Gartner and Associates report. [ for whatever the
source is worth ]
So a best practice for securing is there is no trusted user. makes for
a not very usable system though.
I could easily see mod_taint giving a more usable system without
losing a lot in the security of the system.
Jaqui
oops, I was wrong, it was the U.S. Secret Service report.
http://www.secretservice.gov/ntac_its.shtml
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
