[Gnu-arch-users] Re: WebDAV

From: Eric S. Johansson
Subject: [Gnu-arch-users] Re: WebDAV
Date: Fri, 09 Apr 2004 15:57:43 -0400
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)

Colin Walters wrote:

I didn't find it particularly difficult to secure my arch repository. That said, there is certainly some value in solutions which don't
require complete control over the host.  But you should remember that
sftp, being based on ssh, solves some real problems, and is an extremely
well-audited codebase.

ya well, so is Apache but that did not stop me from being bit by a proxy configuration problem even when I followed the recipes in the manual and ran the penetration test against it. like I said, it doesn't failsafe and if the system doesn't failsafe, it's not security you can count on.

For example, you should think carefully about how you're going to
protect against man-in-the-middle attacks and replay attacks.

life is too short to reinvent the wheel. I was planning on leveraging existing tools/knowledge.

I solved these problems in arch-pqm by using GPG.

more complexity == less security.

That's so amazingly naïve I don't quite know how to respond.  I'll just
assume you were kidding.

no, not kidding.  one of my principles for development:

There are two ways of constructing a software design; one way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. - C. A. R. Hoare

Complex system, complex configuration, lower certainty of correctness. Which brings us back to my axiom[1]: as you increase complexity, you effectively have less security. It's all a property of human cognition. Keep it simple for correctness.


[1] which I admit I reduced a bit too much to a cutesy phrase
