Hacked Swiki

Charles Hixson charleshixsn at earthlink.net
Thu Jul 25 19:19:53 UTC 2002


Adrian wrote:

>Maybe it would be prudent to discuss 
>details of how to block the vandal away from 
>a mailing list he may be monitoring.
>
>Adrian
>
I believe that standard security procedures say that if you do it 
properly, then monitoring it shouldn't help him.  E.g., if you tied the 
password to an e-mail address, and periodically checked that the e-mail 
was still valid, then you could make it as useless as you wanted to use 
a throwaway account.  That's a pretty silly way to do things, but 
knowing you were going to do it would still require that he maintain the 
e-mail account as active.

I prefer a model where you start out with a low level of privileges, and
accumulate more over time via responsible activities.  This generally
does the job that appears to need doing, and also models the general
progression of human groups.  When a stranger joins, he isn't
immediately a really trusted member.  That's something he earns over
time by acting in a way that's congenial to the group.  This lets anyone
join as a tyro, but they need to hang around awhile to graduate to
newbie.  Then, say, they are allowed to post appended comments to
messages, but not to edit existing messages or create new threads.  Etc.
in stepped progression.

Knowing that the group is structured this way doesn't help a vandal much
in penetration, although a commercially sponsored individual could work
toward the center over time.  So to prevent that, you have several
central members who maintain backups of the site independently of each
other, so that any one of them could reconstitute the whole thing.  I
think I caught a hint that this is already being done, so this just
formalizes it, and acknowledges that those who do this deserve kudos.
But this allows any one of those to rebuild the site from scratch, if
they need to.  Now it doesn't profit anyone to bother penetrating.  So
knowing this, rather than being an advantage to the penetrator, acts as
a discouragement.

I'm not an expert in this area, but this is my take on it.

-- 
-- Charles Hixson
Gnu software that is free,
The best is yet to be.
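The graduated-privilege model Charles sketches above, as an added Python example that is not part of the original post or of Swiki: an account's tier is gated on both tenure and credited responsible acts, so a fresh throwaway account always starts as a tyro. The tier names beyond "tyro" and "newbie", the thresholds, the permission sets and the rule that only a page-editing member can vouch for a contribution are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Tiers in the stepped progression the post sketches: a stranger joins as a
# tyro, graduates to newbie after hanging around, then gains rights in steps.
# Names beyond "tyro"/"newbie", the thresholds and the permission sets are
# assumptions for this example, not values from the post or from Swiki.
TIERS = [
    # (tier, min days since joining, min vetted contributions, permissions)
    ("tyro",        0,  0, frozenset({"read"})),
    ("newbie",      7,  0, frozenset({"read", "append_comment"})),
    ("contributor", 30, 10, frozenset({"read", "append_comment", "edit_page"})),
    ("editor",      90, 50, frozenset({"read", "append_comment", "edit_page",
                                       "create_thread"})),
]


@dataclass
class Account:
    name: str
    joined: date
    vetted_contributions: int = 0  # responsible acts credited by trusted members


def tier_for(account: Account, today: date) -> str:
    """Highest tier whose tenure AND contribution thresholds are both met.
    Tenure is the gate, so a throwaway account with many credits cannot
    shortcut the climb, and every new account starts again as a tyro."""
    tenure_days = (today - account.joined).days
    current = TIERS[0][0]
    for name, min_days, min_contribs, _ in TIERS:
        if tenure_days < min_days or account.vetted_contributions < min_contribs:
            break  # thresholds are monotone: the first unmet tier ends the climb
        current = name
    return current


def authorize(account: Account, action: str, today: date) -> bool:
    perms = next(p for name, _, _, p in TIERS if name == tier_for(account, today))
    return action in perms


def credit_contribution(account: Account, voucher: Account, today: date) -> bool:
    """Assumed vetting rule: only an account that may itself edit pages can
    credit a responsible act, so newcomers cannot vouch for each other."""
    if not authorize(voucher, "edit_page", today):
        return False
    account.vetted_contributions += 1
    return True
```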
