 |
 |
> The "vulnerability" is that as there is no authorization in R-GMA. This > means that anyone can view information in R-GMA . However, this is true > for most grid information and monitoring systems right now. The fact that all other grid monitoring systems are insecure, does not mean that we should be any more sanguine about running ours. > There is a plan to turn on authorization within R-GMA but it requires a > migration path. First the R-GMA server needs to work in both secure and > in-secure mode. This was hoped for release LCG-2_6_0 but due to > problems, will not happen everywhere until LCG-2_7_0. For the release > after that all the clients will be deployed that work in secure mode > only and when everyone has upgraded to that release we can turn off the > insecure version. The LCG has what I might call a microsoft approach to security. "Get the functionality out of the door and worry about the security implications when backed into a corner". > >So we are stuck with an insecure version until *everyone* upgrades? > >If I want to secure R-GMA my only option is to effectively disable it > >as far as I can see :( > > > >Kostas Paul +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Paul Kyberd Brunel University + + E-mail: [log in to unmask] Department of Electronic and + + Phone: +44-(0)1895-266801 Computer Engineering + + Fax: Uxbridge, Middlesex UB8 3PH + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++