Re: Proxy 2.0 secure? (AG vs. SPF)

["Joseph S. D. Yao" <jsdy () cospo osis gov>]

> And do the web folks recommend that you compile your web server
> into the kernel, or run as user nobody?

No intelligent ones.  Only Microsoft.

However, consider that there are different levels of abstraction
running here.  The part that sees IP packets and passes them up should
logically be at a lower level.  Then the part that knows that - wow -
there are different kinds of IP packets.  Then the part that knows that
there are different ports for each IP protocol.  And so on up to the
part that understands HTML and displays it to the user, which is
necessarily much higher than that part that we passed a long time ago
that takes bits off the wire and assembles them into packets.

You guys are devoting an awful lot of otherwise productive bandwidth to
answering each other's teeniest leetle deviations from absolutely
correct statements.  How about just sticking to the meat of the
matter?

There are different levels of abstraction.  You can do your
"firewalling" at one OR MORE of these different levels.  If you do it
simultaneously at multiple levels, sometimes the perfect model (e.g.,
of a packet filter that doesn't touch packets) has to be modified.

You disagree on the "best" level of abstraction.  That's fair and
honorable.  But don't dwell on petty details.  Either agree to
honorably disagree, or - and play fair! - make your simple case, in
simple language that is difficult to misinterpret - and then be done
with it.

Eh?

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO Computer Support" mail to
                        sys-adm () cospo osis gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.