|
|
|
|
|
|
by OptionOfT
155 days ago
|
|
|
> It's pretty clear that the security models designed into operating systems never considered networked systems. Given that most operating systems were designed and deployed before the internet, this should not be a surprise. I think Active Directory comes pretty close. I remember the days where we had an ASP.NET application where we signed in with our Kerberos credentials, which flowed to the application, and the ASP.NET app connected to MSSQL using my delegated credentials. When the app then uploaded my file to a drive, it was done with my credentials, if I didn't have permission it would fail. |
|
|
That ASP.NET application couldn’t just talk to MSSQL. It could do anything it liked that you had permission to do.