Perry Harrington <pedwardWEBCOM.COM> writes:
> I don't think the behavior should change because of DSR. DSR is more
> useful than 'rightness' in my opinion. A switch to turn it off if you
> don't want it is something I'd advocate, but the default should be 'on'.

Why? Using direct service return is the unusual case. People who're doing
load-balancing already need to do complex configuration -- what's so big
about also having to turn on a flag to use the Weak ES Model? If you can
make the average system more secure by making Strong ES the default, why not
do so?

----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraqdilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]