Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.databases.pick > #2174
| From | Tony Gravagno <tony_gravagno@nospam.invalid> |
|---|---|
| Newsgroups | comp.databases.pick |
| Subject | Re: FlashBasic - compiler error |
| Date | 2011-01-27 23:51 -0800 |
| Organization | Nebula R&D |
| Message-ID | <80t4k69v8d1vvgmnnkl1dbtmpjapg86g9k@4ax.com> (permalink) |
| References | (1 earlier) <lfp0k6hibvhhiv5gqp7g2tioj78kdjdkif@4ax.com> <9827865d-60ef-4cd7-a4eb-e571c55dc47a@p7g2000prb.googlegroups.com> <94accb72-de3b-430c-9af7-53dea82f1b55@32g2000yql.googlegroups.com> <qfs1k694vkjg36u308c3ckuc8g19oeo48m@4ax.com> <7bc7089f-9701-4150-93e6-bb57564bf2e8@r19g2000prm.googlegroups.com> |
Ross Ferris wrote: >Our users never get to a linux prompt (or a TCL prompt for that >matter), so we haven't been "that" worried about these security >aspects, and we have passed external audits for large publicly listed >companies without any problems (apart from disaster recovery, which >spurred our Visage.DRS development) either. Perhaps things are >different on your side of the Pacific .... or maybe we are just >lucky ?!? I think you're lucky through obscurity. If auditors don't know anything about MV (and they don't read this forum) then chances are good that they won't know about the glaring hole in your security. Quoting from my previous post, I really can sit on both sides of the fence on this one: "Honestly I've never heard of a D3 site that has had a problem because of this. Nevertheless, consensus these days seems to be that running as root is a very bad idea." Perhaps we can agree that security for your clients is adequate given their situation, but also that passing a security audit doesn't necessarily mean your client's environments are secure. Regards, T
Back to comp.databases.pick | Previous | Next | Find similar
Re: FlashBasic - compiler error Tony Gravagno <tony_gravagno@nospam.invalid> - 2011-01-27 23:51 -0800
csiph-web