Andrew Lentvorski([EMAIL PROTECTED])@Fri, Dec 02, 2005 at 06:41:16PM -0800:
> Wade Curry wrote:
>
> >I understand the purpose. It does make it difficult to create a
> >profile that doesn't wreck existing permissions. It has
> >encouraged people to use the most general profiles they can, and
> >subverts the goal of having security in place.
>
> Ayup. And this is why we all now use peecees and have crappy
> security.
>
> The big problem is that good security is a technical issue which
> rapidly mutates into a *political* issue.
>
> The issue is the fact that the person who grants security access
> is the de facto most powerful person in the company. As such, he
> is also the biggest political threat in the company. Any
> technology which can bypass this will be adopted readily.
>
<snip>

Well, there's no point denying the power and politics that accompany
security issues, but I don't think that's what I'm fighting in this
case. There is a combination of 1) limitations in the security
product (intended or otherwise), 2) limited knowledge of security by
the security managers, and 3) limited concern for the damage that
could ensue because data was unprotected.

I know this is obvious to most of us. I confess I was surprised just
how much difference there is between me and other users. I'm
motivated by #3 to fix #2, and the learning motivates me to find
methods for overcoming #1. I knew others would be motivated
differently, but I thought the SOX audit would push them in the right
direction.

There are some good people watching our security, but the people who
have to implement it are getting in the way of smart, good security.
Not a matter of politics in this case.

Wade Curry
syntaxman
