|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Please bear in mind that in the world of cryptography, the difference between proper error messages and information disclosure vulnerabilities is narrow, or only a nuance.IMHO, you have it backwards. It is the improper error messages that can pose a security risk. If my OpenSSH program is either misconfigured or malfunctiong, and it may be exposing my systems to something nefarious, then how am I to efficiently debug itThat's why it fails at that point.
It meaning OpenSSH? So what do you mean by its failing? Because it doesn't let me debug efficiently, it fails to be a "nice" program? But that doesn't make sense given your later argument that suggests it shouldn't be a "nice" program because in this case,"nice" programs expose security risks. Unless, of course, you think the failure is OK, that the failure trumps the security risk you claim. Or you mean something else and I'm not getting it?
(I hope this response adds more to the discussion. :-)) -- Maurice Volaski, mvolaski@xxxxxxxxxxxx Computing Support, Rose F. Kennedy Center Albert Einstein College of Medicine of Yeshiva University
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Fedora Bible] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
|
|