| PCMS Design Surprise |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | If
you can authenticate to server, and you |
|||||||||||||||
| know
entity name, you can fetch it |
||||||||||||||||
| – | Surprise:
no per-entity access controls |
|||||||||||||||
| ¨ | Rationale: |
|||||||||||||||
| – | In
order to know the entity name, either: |
|||||||||||||||
| • | You
hacked somebody, or |
|||||||||||||||
| • | Somebody
sent you the name |
|||||||||||||||
| – | In
either case, you were already in a position to |
|||||||||||||||
| get
the content too. Protecting it from you is |
||||||||||||||||
| now
futile. |
||||||||||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/PCMS Exercise |
| 8 |