www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Danny Angus" <da...@apache.org>
Subject FW: WORA Considered Evil ;-)
Date Fri, 27 Jun 2003 14:22:26 GMT
Don't know if Pier is subscribed to James-dev ..

> -----Original Message-----
> From: Richard O. Hammer [mailto:ROHammer@EarthLink.net]
> Sent: 27 June 2003 15:02
> To: James Developers List
> Subject: Re: WORA Considered Evil ;-)
> Pier Fumagalli wrote:
> > All those components must run ...  (for security) under different user
> > privileges.
> Pier mentioned this point repeatedly, asserting that security can be 
> gained by running the various pieces of the MTA under different users' 
> privileges.  Since I also lack sysadmin experience, I wonder if 
> someone could tell me the motivation for this precaution. 
> Historically, what went wrong that caused sysadmins to prefer running 
> separate pieces of an MTA under separate users' privileges?
> I wonder if that kind of thing, whatever it was that went wrong, could 
> happen with Java and James.  Java has a lot of security built in which 
> is lacking in C and other languages.
> I wonder if a lot of the traditional sysadmin's paranoia comes from 
> growing up with Sendmail.  As I understand the history, Sendmail had 
> its architectural foundations laid before anyone thought much about 
> security.  As such, it helped raise a generation of paranoid sysadmins.
> But when you understand a problem it usually suffices to solve the 
> problem once, just exactly once.  After you have stepped on a bug, it 
> does not always help to step on it again a second, third, ... tenth time.
> But of course paranoia evolved into the human psyche for some good 
> reason.  Until you have mastered a problem paranoia often pays: do 
> anything, do everything.
> Rich Hammer
> Hillsborough, N.C.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-dev-help@jakarta.apache.org
View raw message