szabo%sequent.uucp@RELAY.CS.NET (Nick Szabo) (12/14/90)
Thanks everybody for the comments. Several have pointed out the lack of security in news. IMHO this may be a feature, not a bug. E-mail aliases are automatically secret: users must request explicit access, even though for most information security beyond the scope of "employee or not" is not necessary and can be harmful to the flow of information. Too many different mail aliases or access lists become unwieldy and could lead to the splintering of the organization into fiefdoms.

This last is just conjecture. Has anybody had a long enough experience with e-mail to see such things happen? Could using news instead of e-mail aliases prevent this?

Nick Szabo
gast@CS.UCLA.EDU (David Gast) (12/29/90)
Nick Szabo writes:
> Several have pointed out the lack of security in news. IMHO this may be
> a feature, not a bug...

I don't understand everything the author is trying to say, so my comments may be slightly off, but ...

Mail is not secure either. For example, any user who can become root on his machine can usually send mail under any name that he wishes. (I said usually because there are exceptions). Even if you cannot become root, there are well known, previously published methods of faking mail addresses.

David Gast
kadie@cs.uiuc.edu (Carl M. Kadie) (01/01/91)
The computer science department here at the University of Illinois uses a news system for internal communications extensively. Today, for example, I read a reminder that the building is nonsmoking.

In addition to the general department-wide newsgroups, many groups of people have their own newsgroups. For example, my research group has its own group, the professors have their own group, most CS classes have their own group.

The software is not the normal news software; rather it is "notes". Security is provided by restricting networking to trusted machines and by having some groups accessible only by people who belong to the proper Unix file-protection group. So, for example, only faculty can read the professor's notesfile.

Carl Kadie
szabo%sequent.uucp@RELAY.CS.NET (Nick Szabo) (01/02/91)
Carl M. Kadie writes:
> Security is provided by restricting networking to trusted machines and
> by having some groups accessible only by people who belong to the proper
> Unix file-protection group. So, for example, only faculty can read the
> professor's notesfile.

What is the rationale for segregating readers into different groups? Is there information students should not be privy to (such as grades or exam questions) posted to the faculty group? Conversely, does information that might be valuable for a student ever get posted to the faculty group, where the student can't get at it?

Nick Szabo