Andrew Lentvorski wrote:
> Stewart Stremler wrote:
>
>>> When usability and security conflict, security loses.  Period.
>>
>> Which is exactly opposite of good sense. :(
>
> No, it's not.
>
> I'm tired of this platitude from security people.  It's just wrong.
>
> Good security == maximally usable for the task at hand and minimally
> usable for anything else.
>
> The fact that an end user can't tell the difference is a fault from the
> *security* side.  Most of the applications are trying desperately to be
> usable and play by the security rules.  The fact that the applications
> programmers cannot query the local security environment to make things
> better for the user is what creates the security/usability tradeoff.
>

And the fact that developers can't document the network interfaces to
their software so that proxies can be built is a failure to understand
the requirements of network security. It always seems to be the fault
of the security admin because the application is badly behaved and
requires that all inbound ports be open to allow it to function.
Programmers should be denied the ability to write network software if
they can't clearly define which incoming and outgoing ports their
application will require.

-- 
Neil Schneider                              pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D
"When the politicians complain that TV turns the proceedings into a
circus, it should be made clear that the circus was already here,
and that TV has merely demonstrated that not all the performers are
well trained." - Edward R. Murrow



-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
