[cap-talk] Dan Bernstein's qmail security lessons paper
smagi at higherlogics.com
Sun Dec 16 19:07:35 EST 2007
James A. Donald wrote:
> But your company web server does need to be pretty much
> privileged to run your business, and if a guy from
> Nigeria gets control of it, the principle of least
> privilege does not help much.
As Sam noted, "the business" is rarely a single monolithic entity, but a
number of smaller processes which are composed to create a final product.
Similarly, "the web server" can be a number of different interacting
servers. Consider a coarse-grained split of resources amongst fairly
standard departments, such as accounting, logistics, sales, human
resources, and so on. Enforceable security property using such
coarse-grained divisions: an attack on your shipping system should not
Finer-grained divisions can enforce even stronger security properties.
More information about the cap-talk