| Subject | Re: [Firebird-Architect] Re: [Firebird-admin] Re: [Firebird-devel] Common Message Repository |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2005-11-07T22:24:48Z |
Jim Starkey wrote:
Now I got it !
And now I can say again, I liked it
:-)
Another thing I have not considered, it could be easily managed by less
privileged users than the firewall rules (and I think more dinamically).
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
>Alexandre Benson Smith wrote:Hi Jim !
>
>
>
>>Jim Starkey wrote:
>>A short term easy to implement fix is to anchor accounts to what I call
>>coteries -- sets of IP addresses from which a given account is valid.
>>This won't stop your roommate, co-worker, or kid from attacking your
>>account, but it will stop other remaining 99.9999% of the hackers.
>>
>>
>>
>>But I was stuccked in Sao Paulo's crazy traffic and remembered it (don't know why I was thinking about it)...
>>
>>This wouldn't be the same that could be achieved using firewall rules ? (defining an IP range authorized to some port).
>>
>>As said by Alex, it could be easy to implement, but what the benefit of it if we already have it at the firewall level ?
>>
>>see you !
>>
>>
>>
>>
>>
>>
>It's a question of control. With coteries you can let less privileged
>users come in from anywhere but restrict SYSDBA (or whatever) to
>specific hosts or hosts strictly behind the firewall.
>
>
>
Now I got it !
And now I can say again, I liked it
:-)
Another thing I have not considered, it could be easily managed by less
privileged users than the firewall rules (and I think more dinamically).
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br