Vulnerability Development mailing list archives
Re: Buffer overflow or overrun?
From: Valdis.Kletnieks () vt edu
Date: Mon, 29 Apr 2002 20:53:27 -0400
On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:
I've certainly had a lot of students get confused about the whole issue, and use "authentification" to combine both assigning an identifier to a person, and validating that a person has the right to use a particular identifier.
Identifying a specific entity as being itself and not an impostor is "authentication". Deciding whether said entity is allowed to perform a requested action is "authorization". The two are quite distinct, even though many people confuse the two. I came up with the following example of the vast difference: Authentication: "OK.. you have a picture ID that say you're Jeffrey Dahmer(*)". Authorization: "Can I lend you a steak knife, Mr Dahmer?". Grisly, but 100% effective in explaining the distinction. (Yes, you can use it, as long as you attribute it. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech (*) For the non-US list members - Jeffrey Dahmer was a rather nasty serial killer and cannibal....
Attachment:
_bin
Description:
Current thread:
- Re: Buffer overflow or overrun?, (continued)
- Re: Buffer overflow or overrun? Crist J. Clark (Apr 29)
- Re: Buffer overflow or overrun? Steven M. Christey (Apr 29)
- Re: Buffer overflow or overrun? D'Ávila (Apr 29)
- Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
- Re: Buffer overflow or overrun? David Gadelha (Apr 29)
- Re: Buffer overflow or overrun? Rodrigo Barbosa (Apr 29)
- Re: Buffer overflow or overrun? andreas 'dexxter' halter (Apr 30)
- AW: Buffer overflow or overrun? Johannes Lemmerer (Apr 30)
- Re: Buffer overflow or overrun? D'Ávila (Apr 29)
- Hacker's Digest Issue Four Spring 2002 John Thornton (Apr 30)
- Re: Buffer overflow or overrun? Tina Bird (Apr 29)
- Re: Buffer overflow or overrun? Valdis . Kletnieks (Apr 29)
- Re: Buffer overflow or overrun? Tina Bird (Apr 29)
- Re: Buffer overflow or overrun? Didier Arenzana (Apr 30)