RE: Per-modules readers/writers ?

[Paul Sander]

There's a lot to be said for denying all users the ability to log in to a
critical application server (i.e. not giving them accounts), and then
connecting the applications up to sockets and letting them do their own
user authentication and access authorization.  This is particularly true
if you need to grant access to data in ways that don't map well to the
access control mechanism supplied with the operating system.  And if the
authentication is strong (it can even be stronger than what the OS supports)
then all of the arguments against using such mechanism lose their strength;
by virtue of passing a difficult test points accountability to the right
users.

The drawback is that there's central user database.  This is also a
compelling feature to support data sharing across multiple critical
applications.

--- Forwarded mail from address@hidden

YES, I understand that its security is not perfect. It's a lot better
than not having any damned control at all. After all, I don't have
hostile hackers roaming the halls and my network trying desperately to
work around the security in CVS. Heck, if I have hostile hackers loose
in my network, I have a address@hidden of more problems than whether they can
read a particular source file..

Or is the philosophical opposition to such grafted-on mechanisms so
great here that no one is ready to even consider any sort of feature in
CVS that might dare whisper of the access control heresy?

--- End of forwarded message from address@hidden