Vulnerability Development mailing list archives
Re: Buffer overflow or overrun?
From: Tina Bird <tbird () precision-guesswork com>
Date: Mon, 29 Apr 2002 20:13:24 -0500 (CDT)
Yes, but I was distinguishing identification and authentication, not authentication and authorization. To derive the word "authentification," which doesn't have anything to do with authorization. Amazing discussion we're generating on this non- existent word ;-) On Mon, 29 Apr 2002 Valdis.Kletnieks () vt edu wrote:
On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:I've certainly had a lot of students get confused about the whole issue, and use "authentification" to combine both assigning an identifier to a person, and validating that a person has the right to use a particular identifier.Identifying a specific entity as being itself and not an impostor is "authentication". Deciding whether said entity is allowed to perform a requested action is "authorization". The two are quite distinct, even though many people confuse the two. I came up with the following example of the vast difference: Authentication: "OK.. you have a picture ID that say you're Jeffrey Dahmer(*)". Authorization: "Can I lend you a steak knife, Mr Dahmer?". Grisly, but 100% effective in explaining the distinction. (Yes, you can use it, as long as you attribute it. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech (*) For the non-US list members - Jeffrey Dahmer was a rather nasty serial killer and cannibal....
Current thread:
- Re: Buffer overflow or overrun?, (continued)
- Re: Buffer overflow or overrun? Steven M. Christey (Apr 29)
- Re: Buffer overflow or overrun? D'Ávila (Apr 29)
- Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
- Re: Buffer overflow or overrun? David Gadelha (Apr 29)
- Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
- Re: Buffer overflow or overrun? andreas 'dexxter' halter (Apr 30)
- AW: Buffer overflow or overrun? Johannes Lemmerer (Apr 30)
- Re: Buffer overflow or overrun? D'Ávila (Apr 29)
- Hacker's Digest Issue Four Spring 2002 John Thornton (Apr 30)
- Re: Buffer overflow or overrun? Steven M. Christey (Apr 29)
- Re: Buffer overflow or overrun? Tina Bird (Apr 29)
- Re: Buffer overflow or overrun? Valdis . Kletnieks (Apr 29)
- Re: Buffer overflow or overrun? Tina Bird (Apr 29)
- Re: Buffer overflow or overrun? Didier Arenzana (Apr 30)