24 Mar
2012
24 Mar
'12
7:53 a.m.
On 03/23/2012 04:02 PM, Brian Julin wrote:
Not sure, but you should consider running non-virtual instances (not that hard to do) and using privilage separation such that there is little potential for exposure of your internal authentication structure or internally-utilized crypto material to an externally presented service.
I'm curious about what you mean here. I don't see the difference between a single server performing attribute filter & auth, versus two separate processes. Can you explain what threat model you think this addresses?