Re: DevCo: A look from outside the window.

Maël Hörz wrote:

For companies this problem is more difficult, but I mainly thought about private
users.
I am not willing to have my desktop on a server that controls which app I may
start, which content I may view, and having a profile generated of my activites.

Yes, you are right - for private use it is of course not as valid. But actaully, it could make some things easier for most people (non-developers) if you would not have to install and maintain everything by yourself...

If you consider a remote system which can only be used by valid users
and applications, over secure connections, it becomes less probable that
the data will end up to third parties by accident.

Third parties are one issue, the server provider is another.

Yes, that's what I mean: the biggest threat is that the material ends up to third parties. For service providers you should be able to trust even better than your own (sometimes temporary) personnel. So it may very well improve your security if you take the confidential material out of your office...

Yes, I've noticed that in Germany people are usually very concerned
about confidentiality.

Well, it is the basis of democracy, freedom of speech, ...
Without confidentiality you may be exposed to threatening when testifying.
Journalismn wouldn't work without sometimes keeping the sources secret.
In general many things might do no harm if they get public, but consider those
private things (like medical) that can decide if you get a job.

Yes, that is natural. I think I mostly meant that in Germany confidentiality sometimes becomes the priority 1 issue, whereas in some other countries getting work done is priority 1, which does not necessarily mean that confidentiality is sacrificed.

For example, here in Finland people trust each other perhaps too much sometimes, so they consider flexibility very important and we get annoyed if we see that our work is made difficult because of unnecessary security precautions.
.

Relevant Pages

  • RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
    ... server side solution through the content-disposition header (at least ... CONFIDENTIALITY: This e-mail and any files transmitted with it are ... Corsaire Limited, 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF ...
    (Bugtraq)
  • Re: SSH vs encrypted passwords
    ... You are correct that a spoofing server could steal the password. ... Password Authentication Method: password ... | string user name ... If no confidentiality is provided, ...
    (comp.os.linux.security)
  • Disaster Recovery
    ... Any pointers on doing a reinstall of a server to get the packaging back to ... I'm assuming that performing a base install then restoring config would be ... Recipients are requested to preserve this confidentiality and to advise the sender immediately of any error in transmission. ...
    (Debian-User)
  • Re: Format setup for exchange 2003
    ... bridgehead server for it to work properly. ... subject to legal or other professional privilege. ... into the VBS event sink free method that is available from MS, ...
    (microsoft.public.exchange.admin)