LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Jules Wolfrat said:
> I accept your point, but you can't expect that sysadmins deal
> with this
> situation, they never can tell if a validated action is wanted or
> unwanted. And I wonder if you ever can do a restore of the RLS on
> request of a user because of the above because of the reasons
> mentioned
> before, the loss of changes between time of restore and time
> of backup.
I've tried to avoid being too explicit on a semi-public mailing list, but I
guess I have to be (no security through obscurity). LCG is living on
borrowed time when it comes to hackers, we have many security holes and the
main thing protecting us is just that hackers haven't yet got around to
noticing us; sooner or later they will, and we'll be in trouble! Probably
the biggest hole as things stand is the total lack of security on the
catalogues which means that any hacker can do anything they like with almost
no effort. I think the minimum that can be done is to keep catalogue backups
for a reasonable length of time. I agree that restoring would be quite
tricky, but it wouldn't be that hard to take the union of all the records in
the current and backed-up states and then go through and remove the ones
which don't have a physical file at the endpoint. Certainly it would be a
lot better than finding that everything has been corrupted and there is no
way back ...
Stephen
|