Can anyone provide a more business sensitive response to "Isn't having a C compiler on a prod box a security problem"? While I am in complete agreement with the listed response:
"The days when you could prevent people from running non-approved programs by removing the C compiler from your system ended roughly with the VAX 11/780 computer." I'm looking for a bit more sensitive response, as I know my security department is going to come back on this as I move into testing Varnish against Squid in the next environment. (Varnish is so much faster, and does exactly what we want with far less config than Squid - we're really pushing it!) My reply is, if an attacker is on the box and can compile code, you already have more problems to worry about. What other arguments could I use? Thanks P If you are not the intended recipient of this message (including attachments), or if you have received this message in error, immediately notify us and delete it and any attachments. If you no longer wish to receive e-mail from Edward Jones, please send this request to [EMAIL PROTECTED] You must include the e-mail address that you wish not to receive e-mail communications. For important additional information related to this e-mail, visit www.edwardjones.com/US_email_disclosure _______________________________________________ varnish-misc mailing list [email protected] http://projects.linpro.no/mailman/listinfo/varnish-misc
