Hi Angela, On Wed, Mar 13, 2013 at 12:15 PM, Angela Schreiber <[email protected]> wrote: >> What I definitely want to keep is the "if using JCR, don't use any >> other access control mechanism" constraint, and if people do otherwise >> it's their problem. > > no this is not the case. IMHO you are completely mistaken here. > if our customers 'do otherwise' (and they usually do for various > reasons) it falls back on our products no matter what....
While I agree with the general idea, there's no way to make a system fully immune to abuse from stupid users who have all the keys (aka admin user in our case) - it's often a balance between useful and dangerous functionality, and between trusting and educating users. This well known command line russian roulette is a good example. I didn't say anyone should run it, and especially not as root, but you cannot blame linux/unix system designers for it, all its components are otherwise useful. [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click* -Bertrand
