On Fri, Sep 26, 2008 at 12:45:48PM -0400, James Carlson wrote:
> Nicolas Williams writes:
> > Perhaps, but those terms ("whitelist" and "blacklist") are widely in use
> > in general. And as for 'allow' being "the most restrictive mode" --
> > that's confusing!
> >
> > Where else in Solaris do we have an example of such a design?
>
> TCP Wrappers (/etc/hosts.allow and /etc/hosts.deny) and cron
> (/usr/lib/cron/at.allow and /usr/lib/cron/at.deny) come to mind.
Yes, but those are not confusing. Why? Because in each of those cases
the name of the list indicates quite clearly what it does.
Here we have a list named something generic and then a separate selector
that tells you whether that list is a whitelist or blacklist.
That's different enough from TCP wrappers and cron, IMO.
Nico
--
