by perlgeek
3210 days ago
> You can do layered security, but how? Think about a customer service rep. They need access to ~everybody's data at a moment's notice because they're a CS rep. That's what they do. That means every CS rep machine has access to all the data. That is true. But you can observe that a typical CS rep accesses maybe 10 customers' data sets per hour. If they work 8 hours a day, 200 days a year, that's 16k customers they could leak per annum without arousing suspicion. Maybe 60k if you allow a fudge factor of 4 to prevent false positives from highly motivated CS reps. But only if you monitor for this kind of thing. (And better yet, you should rate limit, and monitor.) Most security problems don't have perfect solutions, but they do have some solutions that get you 80% there. And if you invest in sufficiently many such 80% solutions, you get to a point where it's not economical for an attacker to continue hammering on your application.
It wouldn't have helped in the face of RCE in Struts. RCE in Struts would let the adversary scp off all the files that make up the database, for instance. This would completely bypass any application-level checks or monitoring.
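The "monitor, and better yet rate limit" idea from the quoted comment, worked through as an added example that is not part of the thread: it buckets customer lookups per rep per hour, counts distinct customers, flags buckets above a threshold, and offers an inline check that an application could consult before serving another record. The log format, the 10-per-hour baseline, the fudge factor of 4 and all log lines are assumptions constructed for the example.

```python
"""Per-rep lookup monitoring and rate limiting for a customer-service tool.

Added example, not code from the original thread. Assumptions: access log lines
look like "<ISO timestamp> <rep id> <customer id>"; a typical rep touches about
10 distinct customers per hour; a fudge factor of 4 keeps busy honest reps from
tripping alerts. All sample log lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime

BASELINE_PER_HOUR = 10      # assumed typical distinct customers per rep per hour
FUDGE_FACTOR = 4            # assumed tolerance for highly motivated reps
THRESHOLD = BASELINE_PER_HOUR * FUDGE_FACTOR  # 40 distinct customers per hour


def make_sample_log():
    """Constructed access log (not real data): one line per customer lookup."""
    lines = []
    # alice: normal hour, 6 distinct customers plus one repeat lookup
    for i in range(6):
        lines.append(f"2017-09-12T09:{i * 5:02d}:00 alice cust-{i}")
    lines.append("2017-09-12T09:40:00 alice cust-0")
    # bob: 45 distinct customers inside the 09:00 hour, far above baseline
    for i in range(45):
        lines.append(f"2017-09-12T09:{i % 60:02d}:{i:02d} bob cust-{100 + i}")
    # bob in the next hour, well under the cap
    for i in range(3):
        lines.append(f"2017-09-12T10:{i:02d}:00 bob cust-{200 + i}")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, rep id, customer id)."""
    ts, rep, cust = line.split()
    return datetime.fromisoformat(ts), rep, cust


def distinct_customers_per_hour(lines):
    """Map (rep, hour bucket) -> set of distinct customer ids seen in that hour.

    Repeat lookups of the same customer do not count: the concern is how many
    different customers' data a rep could carry away, not how busy they are.
    """
    buckets = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ts, rep, cust = parse_line(line)
        hour = ts.replace(minute=0, second=0, microsecond=0)
        buckets[(rep, hour)].add(cust)
    return buckets


def flag_reps(lines, threshold=THRESHOLD):
    """Return [(rep, hour, distinct count)] for every bucket above threshold."""
    buckets = distinct_customers_per_hour(lines)
    flagged = [(rep, hour, len(custs))
               for (rep, hour), custs in buckets.items()
               if len(custs) > threshold]
    return sorted(flagged)


def lookup_allowed(buckets, rep, ts, cust, threshold=THRESHOLD):
    """Inline rate limit: allow a lookup unless it would be a new customer
    beyond the per-hour cap. Re-opening an already-seen record stays allowed,
    so a rep working one case is never blocked mid-conversation."""
    hour = ts.replace(minute=0, second=0, microsecond=0)
    seen = buckets.get((rep, hour), set())
    return cust in seen or len(seen) < threshold


if __name__ == "__main__":
    log = make_sample_log()
    for rep, hour, n in flag_reps(log):
        print(f"ALERT {rep} touched {n} distinct customers in hour starting {hour}")
    b = distinct_customers_per_hour(log)
    print("bob new lookup at 09:50 allowed:",
          lookup_allowed(b, "bob", datetime(2017, 9, 12, 9, 50), "cust-999"))
```

Running it flags only bob's 09:00 bucket (45 distinct customers against a cap of 40) and denies bob a fresh record in that hour while still allowing alice's. As the reply above points out, this only constrains access that goes through the application; it sees nothing if the data is copied out from under it.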