On Thu, Oct 7, 2010 at 4:13 PM, Brian Desmond <[email protected]> wrote: > Personally I think you’re making a mountain out of a mole hill. Like I said > this is really a common design.
Without knowing more (and we on this list don't really know the details from that post), I think the OP *may* have a point. Least privilege should be applied everywhere, not just to end-user accounts. So if you've got two separate things (ProductA and ProductB in this example), and they don't need *all* the same data to do their job, then they should not both have access to *all* the data. The fact that it's a very common design doesn't mean it's not a bad idea. "Everyone runs as local admin" was a very common design (possibly still is) and that was known to be a very bad idea from day one. As was noted in a contemporary thread, we have the responsibility to ask for security as much as publishers have the responsibility to provide it. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
