[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] Re: multitaskhttpd experiment
From: |
Karsten Hilbert |
Subject: |
Re: [Gnumed-devel] Re: multitaskhttpd experiment |
Date: |
Fri, 16 Jul 2010 15:07:43 +0200 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Fri, Jul 16, 2010 at 10:47:47AM +0000, Luke Kenneth Casson Leighton wrote:
> > If not explicit, does the app achieve it implicitly (functionally) on
> > account
> > of playing a pass-through role for all user sessions and credentials?
> > Thereby
> > presenting a locus of attack and takeover outside the control of the
> > database?
> > Is that the fundamental security vulnerability i.e. that "control" has been
> > given away from the database?
Exactly.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346