(If you cannot install any file, one wonders why you are being payed...)
It's interesting how there are all these rules, suggestions, etc. for security policies with little scientific evidence to back them up and when there is evidence that contradicts the policy that evidence is just ignored. An obvious example is requiring users to have complex passwords that they have to frequently change -- turns out that most users just write the password down on an easy to find post-it note.
Or in this case, instead of relying on fairly robust, mature code, programmers are forced to reinvent the wheel, which in the long run results in a ton of less secure proprietary code. No surprise since the people creating the policies are thinking more about the individual systems instead of how they are networked together. So by trying to keep external code out, in the long run these policies create a new attack vector -- the kludged code that programmers had to write in lieu of the better code they wanted to use.
Not to mention that the OP is going to have to store the password somewhere.... How is is that better than using keybased authentication? Sounds like if someone gets the password, they get a regular shell on the other system. Why not just create a special account there running a restricted shell and use keybased auth? But no, requiring a password is more secure.....
Elda Taluta; Sarks Sark; Ark Arks
| [reply] |