07-06-2009
I agree with Neo. I'd like to split the matter into two distinct parts, a theoretical and a practical one.
Even theoretically-only spoken the matter of closed-source versus open-source remains complicated. A possible advantage of open-source is the peer-review process which can take place. But to capitalize on this advantage this process has to take place at all, which is in no way guaranteed by something being open-source at all.
A possible advantage of closed-source software would be the "security by obscurity" approach. Experience suggests that this is not a (lasting) security measure at all and in the case of compromised security there is a single possible source able to provide corrective services, whereas open-source software could be changed by everybody in theory, which still leaves a lot of possible authors of corrections in practice.
Approaching the problem on a practical level it has to be stated that "security" is - like "performance" for that matter - a relative term and cannot be used absolutely. There is some value of x you want to protect and there is some estimated effort of y needed to overcome your security measures. If x is (much) bigger than y you have a security problem, otherwise you haven't.
To appraise your security status simply put yourself into the place of the intruder: will it possibly pay off to overcome your defenses? Act, if the answer is "yes" or near there, otherwise don't bother.
It is similar to what i have countlessly told executives in meetings regarding "performance": you have some demand, which can be measured (in seconds, transactions completed, kilobytes, whatever) and there is a system having to meet the demand. It comes down to "does the system meet the specified demand - yes/no?" Performance is not being "fast" but "fast enough".
The same is true for security: what you protect and the efforts for protecting it have to be in proportion and the question is not "safe" but "safe enough".
bakunin
6 More Discussions You Might Find Interesting
1. Post Here to Contact Site Administrators and Moderators
This is a slick looking forum. Any chance on making the code for the forum open source? (1 Reply)
Discussion started by: ecupirate1998
1 Replies
2. IP Networking
Hello there,
I wanted to know the members' opinion about the best open source network management software which uses a web browser to show its interface and results.
I am interested in the software for both windows and Linux OSs.
Thanks. (4 Replies)
Discussion started by: Jawwad
4 Replies
3. UNIX for Dummies Questions & Answers
Hello
What is the best open source anti virus?
Thanks (4 Replies)
Discussion started by: mohammadmahdi
4 Replies
4. UNIX for Dummies Questions & Answers
Hello
what is the best open source antispam?
Thanks http://www.linuxforums.org/forum/images/smilies/icon_smile.gif (1 Reply)
Discussion started by: mohammadmahdi
1 Replies
5. Shell Programming and Scripting
Hi Friends
I'm new to this UNIX - I'm working on the porting project from Solaris To Linux i just want to map some commands from solaris to Linux so can any one please tell me how to get the source code of the commands like "ls", "cu", "du"
Regards
sabee (1 Reply)
Discussion started by: sabee.prakash
1 Replies
6. Fedora
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Discussion started by: sreyan32
21 Replies
chkey(1) General Commands Manual chkey(1)
NAME
chkey - change user's secure RPC key pair
SYNOPSIS
[ ] [
DESCRIPTION
is used to change a user's secure RPC public key and secret key pair. prompts for the old secure-rpc password and verifies that it is cor-
rect by decrypting the secret key.
If the user has not already used to decrypt and store the secret key with registers the secret key with the local daemon. If the secure-
rpc password does not match the login password, prompts for the login password. uses the login password to encrypt the user's secret
Diffie-Hellman (192 bit) cryptographic key.
ensures that the login password and the secure-rpc password are kept the same.
The key pair can be stored in the file (see publickey(4)), the NIS map, or entries in the LDAP directory. If a new secret key is gener-
ated, it will be registered with the local daemon.
If the source of the is not specified with the option, consults the entry in the name service switch configuration file (see nss-
witch.conf(4)). If the entry specifies one and only one source, then will change the key in the specified name service. However, if mul-
tiple name services are listed, cannot decide which source to update and will display an error message. The user should specify the source
explicitly with the option.
Non root users are not allowed to change their key pair in the file.
Options
Re-encrypt the existing secret key with the user's
login password.
Update the NIS database.
Update the database.
Update the LDAP database.
WARNINGS
HP-UX 11i Version 2 is the last HP-UX release on which NIS+ is supported. LDAP is the recommended replacement for NIS+. HP fully supports
the industry standard naming services based on LDAP.
AUTHOR
was developed by Sun Microsystems, Inc.
FILES
SEE ALSO
keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nsswitch.conf(4), publickey(4).
chkey(1)