I've always thought systrace was nifty
http://www.citi.umich.edu/u/provos/systrace/
It's on a different level than .net/java, but I don't see why
something like that couldn't be built in to the CLR.
As to developers vs management, unless there is high level support for
security, developers are al
Aaron Margosis' "Non-Admin" WebLog : LUA Buglight 2.0, second preview:
http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx
Mark Rockman wrote:
> It be difficult to determine /a priori/ the settings for all the
> access control lists and other security pa
At 12:26 PM -0500 11/25/08, Mark Rockman wrote:
> It be difficult to determine a priori the settings for all the access
>control lists and other security parameters that one must establish for
>CAS to work. Perhaps a software assist would work according to the
>following scenario. Run the progra
It seems we've come full circle, because what you are describing is managed
code (or privileged code depending on your Java vs .NET vocabulary). In full
on managed code, the code describes what it needs and the machine decides
whether that coheres with local policy.
gem
company www.cigita
On Tue, 25 Nov 2008, Mark Rockman wrote:
> Assuming this is repeated for every use case, the resulting
> reports would be a very good guide to how CAS settings should be
> established for production. Of course, everytime the program is changed
> in any way, the process would have to be repeated.
It be difficult to determine a priori the settings for all the access control
lists and other security parameters that one must establish for CAS to work.
Perhaps a software assist would work according to the following scenario. Run
the program in the environment in which it will actually be u