This article is rated C-class on Wikipedia's content assessment scale.
widely recognized
I don't see why POLP is used... are there benefits other than widely recognized?
It's meant to inspire discussion of which privileges are appropriate, and to help those who aren't security professionals understand how the security professionals try to accomplish their jobs. That should be the focus of this article. —Preceding unsigned comment added by 192.17.26.197 (talk) 21:03, 12 August 2008 (UTC)
Tislinthi (talk) 04:06, 18 November 2008 (UTC) This article seems to be written by someone who does not agree with the utility of the POLP, yet is unable to present convincing arguments as to why the principle is not valid. Limiting what users can do is a fundamental defensive technique, so basic that I wonder why it would even be questioned. I understand that it can be annoying not to have all the privileges one would like, but the fact remains that not everyone can be trusted, and there aren't many ways of knowing in advance who should be given greater power than the minimum necessary. Consider this quote: "Least privilege has also—and arguably incorrectly—been interpreted in the context of distribution of discretionary access control permissions, even to the point of asserting that, e.g., giving user U read/write access to file F violates least privilege if U can complete his authorized tasks with only read permission." It is claimed that application of least privilege to file protection is arguably incorrect - yet where is the argument? Why would someone allow their files to be modified by anyone other than a restricted set of users? It seems basic good sense, and not at all a far-fetched assertion, that a file system be protected from random modification. I guess what bothers me is that this article presents factual information about the POLP, but does so with an unfavorable and unsupported bias against it, which undermines the article's value.
I can see why there needs to be some kind of hierarchy when users are working within an organization, as far as they need only the privileges/accesses necessary to perform their jobs. However, I think there needs to be a different kind of approach to this problem... flat out "denying access" to certain apps within a program often tends to frustration... because the procedures and permissions associated to that person's security access are often just "assumed" by the person delegating the access. It seems a bit abstract and arbitrary.
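The U/F case argued over above (user U granted read/write on file F when the task needs only read) is easy to check mechanically. The following is an added example, not code from this talk page or the Wikipedia article; it compares held permissions against task requirements and reports both excess grants and missing ones, and all user and file names are constructed placeholders.

```python
"""Least-privilege audit of discretionary file permissions (added example).

Not the talk page's or the article's code: it checks the thread's own case,
user U holding read/write on file F when the task needs only read.
User and file names are constructed placeholders.
"""
from dataclasses import dataclass

PERM_BITS = {"r": 4, "w": 2, "x": 1}  # POSIX-style bit values

def parse_perms(spec: str) -> int:
    """'rw', 'r-x' or '' -> bitmask; '-' means 'not granted'."""
    mask = 0
    for ch in spec:
        if ch == "-":
            continue
        if ch not in PERM_BITS:
            raise ValueError(f"unknown permission {ch!r}")
        mask |= PERM_BITS[ch]
    return mask

def format_perms(mask: int) -> str:
    return "".join(ch if mask & bit else "-" for ch, bit in PERM_BITS.items())

@dataclass(frozen=True)
class Finding:
    user: str
    path: str
    granted: str   # what the ACL actually gives
    required: str  # what the authorized task needs
    excess: str    # granted but not required: a least-privilege violation
    missing: str   # required but not granted: the task cannot complete

def audit(grants: dict, needs: dict) -> list:
    """grants and needs map (user, path) -> permission string.
    A grant with no matching need is flagged entirely as excess."""
    findings = []
    for user, path in sorted(set(grants) | set(needs)):
        g = parse_perms(grants.get((user, path), ""))
        n = parse_perms(needs.get((user, path), ""))
        findings.append(Finding(user, path, format_perms(g), format_perms(n),
                                format_perms(g & ~n), format_perms(n & ~g)))
    return findings

# Constructed sample: the thread's U/F case, one exact grant, one under-grant.
SAMPLE_GRANTS = {("U", "F"): "rw", ("V", "G"): "r", ("W", "H"): "r"}
SAMPLE_NEEDS = {("U", "F"): "r", ("V", "G"): "r", ("W", "H"): "rw"}
```

Running `audit(SAMPLE_GRANTS, SAMPLE_NEEDS)` flags U's write bit on F as excess while leaving V untouched and reporting W's missing write bit, which is the distinction the quoted passage blurs.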
James Whittacker is a 79-year-old mountaineer, not a computer security commentator. Wrong James Whittacker probably? --189.148.13.159 (talk) 00:46, 2 January 2009 (UTC)
"powerbox" from HP Polaris is a red link, and IMO it should go to an entry in a list of POLA jargons, possibly external to wikipedia. 65.46.169.246 (talk) 18:33, 9 February 2011 (UTC)
In the section "Implementation" Pp 1, there is the following sentence:
This would be akin to either experiencing amnesia (kernel execution failure) or being trapped in a closed maze that always returns to the starting point (closed loops).
I feel like this contributes nothing to the overall legibility of the implementation example and might confuse unfamiliar readers. Tarilaran (talk) 19:28, 24 November 2021 (UTC)
I want buttery little Dima 82.209.111.151 (talk) 07:29, 23 February 2022 (UTC)