Re: Working on a security best practices document

>>>>> "Chris" == Chris Travers <..hidden..> writes:
    Chris> so we can check to see that the user on the cert is the same
    Chris> user as the provided credentials.  LDAP might be needed to
    Chris> make that work cleanly though....

LDAP is not necessary or important.
Apache will provide a DN, etc. to the script.
see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html, and the
SSL_CLIENT_* variables.

    >> What do you have in mind here?

    Chris> This:  https://wiki.mozilla.org/Security/CSP/Spec

I see...very interesting. This is useful, particularly because it kills
eval() in the javascript.

    Chris> I see SSL as a critical tool for solving certain kinds of
    Chris> problems.  It is hardly a panacea but it solves certain
    Chris> specific problems quite well despite being somewhat clumsy
    Chris> because it is a partial port of an OSI protocol to TCP/IP
    Chris> (and OSI protocols ported to TCP/IP generally suck from a
    Chris> TCP/IP standpoint).

The SSL certainly provides privacy, and combined with client side
certificates provides useful authentication.  No question about that.

But, in the situation where the browser is on the corporate intranet,
one hop from the server, or in my personal company case, where the whole
thing is "localhost", it wasn't privacy that was the problem.

The problem is inappropriate disclosure of data :-)

    >> I'd rather we spent time on:
    >> a) a good dump/restore/"fsck" program that can be used to
    >> validate that data is still good.

    Chris> This will become less important as the data integrity
    Chris> controls become more robust as they do in each version.

hmm. I'm not sure I agree.
I think the proposals to rename the 1.2 tables, and then do INSERTs from
the into the 1.3 tables are good.  What I want to do is to extend this
to support saving to a 2nd-normal-form representation such that a human
can more easily inspect what is going on....

This is as much about producing good audit records as it is to permit
recovery from data corruption that may have occurred in the past...

Has anyone considered having a LedgerSMB mini-conference either
independently, or as a summit of another conference... e.g. PGcon,
OLS, onlinux, OScon, ???

(p.s. I'm in Toronto next week)

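The check Chris describes and the mod_ssl variables mentioned above, as an added example that is not part of this thread or of LedgerSMB's code: Apache exports SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN and SSL_CLIENT_S_DN_CN to a CGI script when `SSLOptions +StdEnvVars` is on, and the script can compare the certificate's CN against the user name supplied with the login credentials. The parser below accepts both the legacy slash-separated DN form (Apache 2.2 default) and the RFC 2253 comma form (Apache 2.4 default), which goes beyond the 2.2 docs linked above. The environment dict is constructed sample data, not a capture.

```python
import re
from typing import Mapping, Optional

# Constructed sample of what mod_ssl (with +StdEnvVars) hands a CGI script.
# All names and values below are made up for this example.
SAMPLE_ENV = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/C=CA/O=Example Ltd/CN=alice",
    "SSL_CLIENT_S_DN_CN": "alice",
    "SSL_CLIENT_I_DN": "/C=CA/O=Example Ltd/CN=Example Internal CA",
}


def parse_dn(dn: str) -> dict:
    """Parse a subject DN into {attribute: value}.

    Handles the legacy one-line form '/C=CA/O=Org/CN=alice' (Apache 2.2
    default) and the RFC 2253 form 'CN=alice,O=Org,C=CA' (Apache 2.4
    default).  The first occurrence of an attribute wins, so a second CN
    appended to the DN cannot override the first one.
    """
    if dn.startswith("/"):
        # Legacy form: attribute values containing '/' are not supported here.
        parts = dn[1:].split("/")
    else:
        # RFC 2253 form: split on commas that are not backslash-escaped.
        parts = re.split(r"(?<!\\),", dn)
    attrs = {}
    for part in parts:
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        attrs.setdefault(key.strip(), value.strip())
    return attrs


def cert_user(env: Mapping[str, str]) -> Optional[str]:
    """Return the CN of a *successfully verified* client certificate.

    Returns None when Apache did not report SSL_CLIENT_VERIFY=SUCCESS, so a
    DN from an unverified or absent certificate is never trusted.
    """
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    cn = env.get("SSL_CLIENT_S_DN_CN")
    if not cn:
        cn = parse_dn(env.get("SSL_CLIENT_S_DN", "")).get("CN")
    return cn or None


def cert_matches_login(env: Mapping[str, str], login_user: str) -> bool:
    """True only when the verified certificate's CN equals the login name.

    The comparison is exact: mapping 'Alice' to 'alice' is a policy decision
    that belongs in the user directory, not in this check.
    """
    cn = cert_user(env)
    return cn is not None and cn == login_user


if __name__ == "__main__":
    # In a real CGI script the first argument would be os.environ.
    print(cert_matches_login(SAMPLE_ENV, "alice"))
```

In a CGI script the `env` argument would simply be `os.environ`; the point of routing everything through `cert_user` is that nothing downstream ever sees a CN unless Apache itself reported the certificate as verified.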