[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex
Added missing explanation why OE.Trust is required. Solves
observation 2.8.
Christian Theune
ct at gocept.com
Wed Nov 7 08:57:25 EST 2007
Log message for revision 81586:
Added missing explanation why OE.Trust is required. Solves observation 2.8.
Changed:
U Zope3/trunk/doc/security/SecurityTarget.tex
-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex 2007-11-07 13:32:21 UTC (rev 81585)
+++ Zope3/trunk/doc/security/SecurityTarget.tex 2007-11-07 13:57:25 UTC (rev 81586)
@@ -1727,6 +1727,11 @@
are physically secure. This means an attacker cannot access the machine
directly, i.e. around Zope.
+ \item[OE.Trust:] This security objective is necessary to complement the
+ assumption that administrator is trustworthy because Zope does not provide any
+ technical means to avoid being compromised by administrators that are
+ not trustworthy.
+
\item[OE.Auditlog:] This security objective covers the assumption
\textbf{A.OS}. To keep the operating system secure and detect possible
intrusions it is vital to continuously monitor the audit log. It is also
More information about the Zope3-Checkins
mailing list