<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
You took my comment out of context. I said:<br>
<blockquote type="cite">I would argue for having the default with no
security enabled, especially between workers and the service. </blockquote>
So, again, this states that the default security level between service
and workers be without any security... I think it is OK (maybe even
preferred) to have the default security be enabled for the clients /
Falkon provider. I still don't understand why you are saying that no
security implies "negligently broken", as that is what Condor and PBS
do as well. The only entities injecting work into Falkon are the
clients (not the workers), and hence I agree that its important to
protect against clients by adding some default security. Not
protecting against the workers might simply allow wholes in the system
for denial of service attacks, but I don't see how arbitrary code from
anyone could possibly be run if the single entry point into the service
(the client interface) is protected.<br>
<br>
I really don't care what you set the defaults to, my only point and
argument was that I wanted to make things easiest on the end-users!<br>
<br>
Ioan<br>
<br>
Ben Clifford wrote:
<blockquote
cite="mid:Pine.LNX.4.64.0709061737480.9754@dildano.hawaga.org.uk"
type="cite">
<pre wrap="">On Wed, 5 Sep 2007, Ioan Raicu wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would argue for having the default with no security enabled
</pre>
</blockquote>
<pre wrap=""><!---->
Giving software out to users that by default allows any person anywhere on
the internet can execute arbitrary code as them seems negligently broken.
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
============================================
Ioan Raicu
Ph.D. Student
============================================
Distributed Systems Laboratory
Computer Science Department
University of Chicago
1100 E. 58th Street, Ryerson Hall
Chicago, IL 60637
============================================
Email: <a class="moz-txt-link-abbreviated" href="mailto:iraicu@cs.uchicago.edu">iraicu@cs.uchicago.edu</a>
Web: <a class="moz-txt-link-freetext" href="http://www.cs.uchicago.edu/~iraicu">http://www.cs.uchicago.edu/~iraicu</a>
<a class="moz-txt-link-freetext" href="http://dsl.cs.uchicago.edu/">http://dsl.cs.uchicago.edu/</a>
============================================
============================================</pre>
</body>
</html>