Vulnerability Development mailing list archives

Re: Buffer overflow or overrun?


From: Valdis.Kletnieks () vt edu
Date: Mon, 29 Apr 2002 20:53:27 -0400

On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:

I've certainly had a lot of students get confused about
the whole issue, and use "authentification" to combine
both assigning an identifier to a person, and validating
that a person has the right to use a particular identifier.

Identifying a specific entity as being itself and not an impostor
is "authentication".  Deciding whether said entity is allowed to
perform a requested action is "authorization".  The two are quite
distinct, even though many people confuse the two.

I came up with the following example of the vast difference:

Authentication: "OK.. you have a picture ID that says you're Jeffrey Dahmer(*)".

Authorization: "Can I lend you a steak knife, Mr Dahmer?".

Grisly, but 100% effective in explaining the distinction. (Yes, you can
use it, as long as you attribute it. ;)
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

(*) For the non-US list members - Jeffrey Dahmer was a rather nasty
serial killer and cannibal....
