[ale] help - how do I log into learnstreet without ...
Michael B. Trausch
mbt at naunetcorp.com
Fri Mar 29 09:39:19 EDT 2013
On 03/28/2013 09:26 PM, David Tomaschik wrote:
> This is true, but it also provides *one provider* who you need to trust
> with security, not every site. You can run that provider yourself with
> OpenID. So, OpenID (or centralized authentication in general) reduces
> the attack surface, but increases the damage from a successful attack.

I'm surprised at you, David! Such a blanket statement. That also
depends on what one has in place to _mitigate_ compromise. I think that
anyone who puts any system in place and then does not plan for it to be
compromised is missing the whole point of security. Assume it will
break. Mitigate what can happen when it does.

One reason why I keep my personal IDs and work IDs separate. If someone
compromises one, they cannot compromise the other.

At work, I use two---one with and one without "privilege". Good
separation of concerns there. One exception to that is my workstation,
where my normal unprivileged ID does carry sudo privilege on this single
system.

After a certain point, all you can do is mitigate damage. You can do
that, though, by so many different methods as to make that a whole tome
(or volumes of them!).

--- Mike

--
Michael B. Trausch, President
Naunet Corporation
Telephone: (678) 287-0693 x130
Toll-free: (888) 494-5810 x130
FAX: (678) 287-0693