[refpolicy] Proxies

[refpolicy] Proxies

[Russell Coker]

http://dansguardian.org/

I'm thinking of writing a policy for Dans Guardian, is it worth having a 
separate domain or should I run it in squid_t?  While it's not uncommon to run 
both on the same server there seems little benefit in isolating them, 
generally an attacker would get all the benefit that they are likely to get 
from compromising just one of them.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

[refpolicy] Proxies

[Christopher J. PeBenito]

On 03/24/11 01:37, Russell Coker wrote:
> http://dansguardian.org/
> 
> I'm thinking of writing a policy for Dans Guardian, is it worth having a 
> separate domain or should I run it in squid_t?  While it's not uncommon to run 
> both on the same server there seems little benefit in isolating them, 
> generally an attacker would get all the benefit that they are likely to get 
> from compromising just one of them.

I'd tend to go with a separate domain.  If you want to use squid and
dansguardian, you couldn't write a policy that would ensure that all the
traffic went though dansguardian if both services are in the same domain.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com