> i use gmail / browser and it does not support monospace fonts....
[Jonathan Dickinson] 
Cool. Sorry man, I will try to come up with something :). Should maybe fire
up Visio :).
> 
> It might be a good idea to seperate application and user rights though,
> and really thinking about minimizing or even completely eliminating
> impersonation
> (if we can) because it's an often abused 'feature' by hackers and
> virii..
[Jonathan Dickinson]
Indeed it is. But think of the most basic server: FTP, you simply can't do
it without impersonation. I think another way around it is as follows:

FTP > Creates (FSProc) with user supplied credentials (a process cannot
change its own user context)
    > Denies All (Explicit declination, that right cannot be granted unless
by the FTP Proc)
    > Allows FS Access (Explicit approval, because we are the FTP Proc)
    > Initializes FSProc

FSProc > Go and does stuff on the FS.

> 
> And like i mentioned, personally i'd like to keep everything as
> transparent as possible, it keeps you in control, and impersonation
> makes everything completely un-transparent.. because the application
> that impersonates you might do things in your name that you can't see
> and control..
> 
> Any ideas about this?
[Jonathan Dickinson] 

My previous post was pretty transparent, I think. But I have my perspective
on it and I might be barking up a rather insane tree. It also keeps us safe
with this.

But we need to be able to apply the rights from a specific user. Servers
just can't be done without it.

Jonathan Dickinson


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
SharpOS-Developers mailing list
SharpOS-Developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sharpos-developers

Reply via email to