On Thu, September 28, 2006 8:42 am, Zhasper wrote:
> On 9/28/06, Voytek Eymont <[EMAIL PROTECTED]> wrote:

> Essentially, I think you're making the same mistake here that Bruce
> Schneier writes about airline security people making all the time: you're
> reacting specifically to one attack vector that you've seen in the past,
> which means that that vector won't be successful again. You're not doing
> anything to prevent different vectors from being detected or prevented
> though.

yes, I realize that, though, I feel it's still better to 'do something'

> I'd suggest that a more effective strategy might be to talk to your
> users; tell them what you've found, why it's unacceptable, and what action
> you'll be taking if you discover anything similar in future. Also make it
> clear to them how they can check things with you before they install, and
> be proactive in helping them find solutions that don't compromise your
> security - for instance, sticking phpmyadmin behind a .htaccess file.

yes, of course, though, it's clear this user's apparent skills don't extend to security consideration...

--
Voytek

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
