Testbed Support for GridPP member institutes > [mailto:[log in to unmask]] On Behalf Of Kostas Georgiou said: > The restricted proxy allows you to copy files around though right ? Yes, but this thread got started with a sysadmin asking about a job running on his system, and you asking how you know who really started the job. Assuming that admin knows his own system hasn't been hacked (in which case all bets are probably off) it would have taken a full proxy to start the job. > For the UI you only need access as the user that sumbited the > job. That's true, but it's also pretty much true of computer security in general, whatever someone does they could always claim that someone else had cracked their account. Indeed, someone who was doing something nefarious would probably make sure that e.g. they had their password on a post-it note and/or used their birthday, then they have plausible deniability! If you're broadening this to security in general then indeed we are not all that secure, and we've known that for a long time, but it seems that no-one has much interest in doing anything about it. Probably it will stay like that until we have an incident ... Stephen