RE: Programmer Authorities -- MIDRANGE-L


I agree that accidents happen, thats why if nothing else gets done on a 
regular basis, the backups do.

As for the role playing, obviously you have not spent much time in the 
highly paranoid world of the Federal Government. Some individuals refer to 
that Superuser as having God authority, same thing for the Mainframes; We on 
the 400 have fostered as best we can an open environment. Yea even I.... 
delete things that should not be deleted, but the bases are covered.

The big problem comes about when access is restricted without explenation as 
to why! Another problem is when people must smootch someones butt just to 
get what they "need" to get what they have been told to do, done. "Need" is 
of course different for different people.

"We" do not always take the time to assess peoples needs with respect to 
authorities, oft they are out there just a-festering with resentment because 
they cannot get things done. So all I am really saying is by all means cover 
yourself, but talk to those folks, you may be surprised at what is going 
through thier minds.
 ----------
From: Vern Hamberg
To: MIDRANGE-L
Cc: Weatherly, Howard
Subject: RE: Programmer Authorities
Date: Tuesday, September 16, 1997 11:03AM

At 09:13 AM 9/16/97 EDT, you wrote:
>
>If you dont trust your programmers and give them some sense of  your
>confidence
>in them,  they will soon be working for your competitors.

Right, but no amount of confidence can prevent accidents. Most problems
with security come from accidental deletion of objects, etc., not from
malicious hacking. It is critical, IMO, to forestall the idea that
enforcing security is about restrictions or punishment. Being security
officer or (in Unix terms) superuser is not about power or playing God.
It's about managing the system(s) so that everyone--repeat, everyone--can
best get their work done. Excess authority does not get more work done, it
just leaves open the possibility of accidental and (rarely) malicious 
damage.

I've been there--I like having the power--and I have to resist the impulse
to wield it unfairly when I have it, as I do now. I find it useful to
remind myself that the reason I have any privileges is that I've been asked
to do certain jobs that require these privileges, and I guess I've shown
myself worthy of trust in these things. I've __still__ brought every
machine to its knees by carelessness, but I'm learning, too.

We've been through a painful transition from absolutely no security, to all
intents and purposes, to a moderately secure environment. We're coming out
on the other side and are still alive. When things happen, we always assume
no malice was involved.

Security does not mean paranoia!!

Of course, just because you're paranaoid doesn't mean they're not really
after you! :->

Vernon Hamberg
Systems Software Programmer
Old Republic National Title Insurance Company
400 Second Avenue South
Minneapolis, MN 55401
(612) 371-1111 x480
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---