Re: access control and non-default contexts

>>>>> "DS" == Dave Shield <D.T.Shield@csc.liv.ac.uk> writes:

DS> I'm inclined to leave things as they stand - this feels a more secure
DS> arrangement, and is probably in line with default expectations. But
DS> it does result in a minor change in behaviour, so I wouldn't object if
DS> the consensus was to switch back to the previous, more open
DS> configuration.

[same text posted to a different note, but I'll repeat it in the
proper thread... In short I'm against the functionality change as I
don't see a reason for it. It doesn't buy you any more security; the
introduction of the ability does, but not the modification of the
default as long as it's documented.]

I actually think it should authorize all by default. That's what it's
done before and it's a behavior change. Had it been a bad thing, I'd
of course say otherwise. But I think the default user case will be to
authorize access to all contexts. The rouser, etc, cases are already
convenience wrappers likely to be used by people authorizing a user to
access to almost everything. Contexts also have not been a common way
to separate different security data areas.

The *ability* to limit to a context is certainly important, but I
don't think it needs to limit to just "" by default. Assuming that's
what's going on, because I'm speaking without having read the code of course.

--
Wes Hardaker
Sparta, Inc.

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders