Re: Buffer overflow or overrun?

From: Valdis.Kletnieks@vt.edu
Date: 04/30/02


To: Tina Bird <tbird@precision-guesswork.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 29 Apr 2002 20:53:27 -0400

On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:

> I've certainly had a lot of students get confused about
> the whole issue, and use "authentification" to combine
> both assigning an identifier to a person, and validating
> that a person has the right to use a particular identifier.

Identifying a specific entity as being itself and not an impostor
is "authentication". Deciding whether said entity is allowed to
perform a requested action is "authorization". The two are quite
distinct, even though many people confuse the two.

I came up with the following example of the vast difference:

Authentication: "OK.. you have a picture ID that says you're Jeffrey Dahmer(*)".

Authorization: "Can I lend you a steak knife, Mr Dahmer?".

Grisly, but 100% effective in explaining the distinction. (Yes, you can
use it, as long as you attribute it. ;)

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

(*) For the non-US list members - Jeffrey Dahmer was a rather nasty serial killer and cannibal....



