Don't know if Pier is subscribed to James-dev ..
> -----Original Message----- > From: Richard O. Hammer [mailto:[EMAIL PROTECTED] > Sent: 27 June 2003 15:02 > To: James Developers List > Subject: Re: WORA Considered Evil ;-) > > > Pier Fumagalli wrote: > > All those components must run ... (for security) under different user > > privileges. > > Pier mentioned this point repeatedly, asserting that security can be > gained by running the various pieces of the MTA under different users' > privileges. Since I also lack sysadmin experience, I wonder if > someone could tell me the motivation for this precaution. > Historically, what went wrong that caused sysadmins to prefer running > separate pieces of an MTA under separate users' privileges? > > I wonder if that kind of thing, whatever it was that went wrong, could > happen with Java and James. Java has a lot of security built in which > is lacking in C and other languages. > > I wonder if a lot of the traditional sysadmin's paranoia comes from > growing up with Sendmail. As I understand the history, Sendmail had > its architectural foundations laid before anyone thought much about > security. As such, it helped raise a generation of paranoid sysadmins. > > But when you understand a problem it usually suffices to solve the > problem once, just exactly once. After you have stepped on a bug, it > does not always help to step on it again a second, third, ... tenth time. > > But of course paranoia evolved into the human psyche for some good > reason. Until you have mastered a problem paranoia often pays: do > anything, do everything. > > Rich Hammer > Hillsborough, N.C. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
