Writing Software: Easy Vs. Least Privilege
So I've noticed that almost every developer that I've spoken to lately about software we use in my office has given me similar advice during tech support phone calls. "Give the users more access" or worse yet: "Full Access." Recently I was asked to open all ports from any source on my firewall so one of my users could access an ftp site. (Dumb tech support chick.) Why would they think this is okay? Apparently some software developers don't understand the purpose of security. Everytime I hear something like that come from a developer or support technician I want to send them to:
Principle of Least Privilage
How can I as an administrator feel comfortable agreeing to give full control to every Tom, Dick, and Harry on my network?
I just recently started to consider myself a serious developer. But as an administrator first I've found myself paying very close attention to privilage. It sure makes things difficult, but I never want to tell a user that they should give everyone full control.