Saturday, May 1, 2010
Release It! - Chapter 12.1 The Principle of Least Privilege
The principle of “least privilege” mandates that a process should have the lowest level of privilege needed to accomplish its task -- which usually means running as a non-admin user. Using privileged accounts gives crackers a place to attack your systems. To further contain vulnerabilities, each major application should have its own user, such as "tomcat" for an Apache Tomcat process.