Greetings mortal, Arlie!
You wrote on Mon, 1 Aug 2005 12:48:37 -0400:
AD> This approach will never work reliably, no matter what. All you get
AD> is security through obscurity, anyway. Security should control
AD> *capabilities*, and the name of an executable is not a capability,
AD> nor is it an identity.
AD> I can’t count the number of public “kiosk” machines that I have
AD> encountered that do what they can to block access to certain
AD> programs / functionality /
AD> etc., but which can be trivially bypassed by stupid shell tricks.
Why when speech comes about one problem somebody always try to translate conversation to
other problem?
Don’t think about the security administration is big mistake.
Eugene.