[Gnu-arch-users] Re: WebDAV
From: Eric S. Johansson
Subject: [Gnu-arch-users] Re: WebDAV
Date: Fri, 09 Apr 2004 15:57:43 -0400
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)

Colin Walters wrote:

> I didn't find it particularly difficult to secure my arch repository.
> That said, there is certainly some value in solutions which don't
> require complete control over the host. But you should remember that
> sftp, being based on ssh, solves some real problems, and is an extremely
> well-audited codebase.

ya well, so is Apache but that did not stop me from being bit by a proxy
configuration problem even when I follow the recipes in the manual and
ran the penetration test against it. like I said, it doesn't failsafe
and if the system doesn't failsafe, it's not security you can count on.

> For example, you should think carefully about how you're going to
> protect against man-in-the-middle attacks and replay attacks.

life is too short to reinvent the wheel. I was planning on leveraging
existing tools/knowledge.

> I solved these problems in arch-pqm by using GPG.
> http://web.verbum.org/arch-pqm/

> > more complexity == less security.
>
> That's so amazingly naïve I don't quite know how to respond. I'll just
> assume you were kidding.

no, not kidding. one of my principles for development:
"""
There are two ways of constructing a software design; one way is to make
it so simple that there are obviously no deficiencies, and the other way
is to make it so complicated that there are no obvious deficiencies. The
first method is far more difficult. - C. A. R. Hoare
"""
Complex system, complex configuration, lower certainty of correctness.
Which brings us back to my axiom[1], as you increase complexity,
you effectively have less security. It's all a property of human
cognition. Keep it simple for correctness.
---eric
[1] which I admit I reduced a bit too much to a cutesy phrase