[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex Added missing explanation why OE.Trust is required. Solves observation 2.8.

Christian Theune ct at gocept.com
Wed Nov 7 08:57:25 EST 2007


Log message for revision 81586:
  Added missing explanation why OE.Trust is required. Solves observation 2.8.
  
  

Changed:
  U   Zope3/trunk/doc/security/SecurityTarget.tex

-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex	2007-11-07 13:32:21 UTC (rev 81585)
+++ Zope3/trunk/doc/security/SecurityTarget.tex	2007-11-07 13:57:25 UTC (rev 81586)
@@ -1727,6 +1727,11 @@
   are physically secure. This means an attacker cannot access the machine
   directly, i.e. around Zope.
 
+  \item[OE.Trust:] This security objective is necessary to complement the
+      assumption that administrator is trustworthy because Zope does not provide any
+      technical means to avoid being compromised by administrators that are
+      not trustworthy.
+
   \item[OE.Auditlog:] This security objective covers the assumption
   \textbf{A.OS}. To keep the operating system secure and detect possible
   intrusions it is vital to continuously monitor the audit log. It is also



More information about the Zope3-Checkins mailing list