|
|
| Lucky13 2004-01-13, 1:09 pm |
| What is the major weakness in DAC? | |
|
| Possibly that it leaves decisions like 'copy & paste' up to the user. In many situations that is not a good situation. | |
| Supertech 2004-01-13, 3:30 pm |
| DAC allows access to data to be granted or denied at the discretion of the owner of the data. for example, if a user creates a file, they have ownership of it. Being the owner, they could then give anyone else access to it. In secure environments, this can be a major problem, as access can be acquired on the basis of friendship with the file's owner, rather than actual need for access. | |
| Lucky13 2004-01-13, 3:36 pm |
| ok, a question on this was on the poorly worded test today.
I didnt like choice A, B, or C but choice D was "there is no major weakness in DAC". vs. "none of the above"
o well...
are the questions on the CISSP poorly worded as well? This could drive you nutz... | |
| Supertech 2004-01-13, 3:50 pm |
| first CompTIA exam? | |
| RussS 2004-01-13, 11:30 pm |
| I think research will show that the ability to cut & paste is what Comptia is looking for. | |
| Supertech 2004-01-13, 11:33 pm |
| quote:
Originally posted by RussS
I think research will show that the ability to cut & paste is what Comptia is looking for.
Could you possibly expand on this a little? | |
| RussS 2004-01-14, 12:27 am |
| With DAC it is possible to cut and paste text - this allows someone to use that text in a document they created, and can therefore save or print as they wish. MAC and RBAC have the facility to explicitly deny cut & paste.
Several of the Sec+ books in my library seem to consider this the major weakness. |
|
|
|