1998-12-28-14:51:16 Paul D. Robertson:
> [...] the CGI data *isn't* the most valuable data on the machine, [...]
If the data that the CGI manipulates isn't the most valuable data on the
machine, then perhaps a better job could be done of partitioning the problem
over multiple servers? And when multiple servers isn't affordable, then
perhaps a trusted OS would be a cheaper hack to try and achieve comparable
partitioning, though I wouldn't be nearly as inclined to trust such an
implementation....
I have seen one neato design that used a trusted OS effectively; PCASSO[1] uses
an integrated design with a trusted OS and a comparable database system to
help manage access to sensitive data. Not at all the kind of thing I heard
discussed here, though --- this isn't a case of sticking the CGI in a box and
saying all's well because we have a trusted OS on the job.
> [...] the administrator's access is, everything scales down from there. [...]
Now this comment I purely don't understand. The administrator's access is of
very little value, and what value it gets is only a reflection of the
administrator's role in helping to maintain access to the application data.
_Privilege_ cascades as you describe, but not the value of the data.
-Bennett
[1] <URL:http://medicine.ucsd.edu/pcasso/>