[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Negative Policies
> Later I realized the answer. Positive policies fail closed, negative > policies fail open. Failing closed (default deny) is preferable for two > related reasons. First is the general security practitioner paranoid view > that good security means that things should only be allowed if explicitly > specified. negative policies fail open if negative authorizations is the only thind you have (meaning you stick to the classical open policy of "i support *only* negative authorizations and whatever i do not deny it is allowed). i do not believe that this was ever the case in our discussion. best -p
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC