
My colleagues and I were discussing our security system today, comparing it to Unix file access permissions. At some point a question arose: are there any use cases where you must restrict access to WRITE only? I would appreciate links to articles or books discussing this particular case of permissions usage.

Aleksandr Kravets
    Write only is the policy I use for my anonymous ftp server. You can put files (write) but you cannot get files (read). I guess this situation is rather common: a shared resource where everybody is allowed to commit but only an administrator can read what has been committed. – Renaud Pacalet Sep 09 '15 at 13:36

1 Answer


Yes, we have a service-oriented architecture implementing a hospital system, where all actions in each service are audit logged. Those services are allowed to write to the audit log, but not read from it, as that would allow them to potentially see and expose PHI written to the audit log by another service.

Only the audit log service is allowed to read the logs. All other services have write-only access.

MvdD
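An added example, not part of the answer above or of the answerer's system: a sketch of the write-only audit log pattern using Unix file descriptors. It assumes the log is a local file and that each service is handed a descriptor opened write-only and append-only; the function names, service names and records are constructed for illustration.

```python
import errno
import json
import os
import tempfile

def open_audit_writer(path):
    """Descriptor handed to an ordinary service: write-only and append-only."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT
    return os.open(path, flags, 0o600)

def append_record(fd, service, event):
    """Append one JSON line; a single write() keeps the record contiguous."""
    line = json.dumps({"service": service, "event": event}) + "\n"
    os.write(fd, line.encode())

def try_read(fd):
    """Return the errno name raised when reading via a writer descriptor."""
    try:
        os.lseek(fd, 0, os.SEEK_SET)
        os.read(fd, 4096)
    except OSError as exc:
        return errno.errorcode[exc.errno]
    return None

def read_all(path):
    """Only the audit log service opens the file for reading."""
    with open(path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh]

def demo():
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    billing = open_audit_writer(path)   # constructed service names
    lab = open_audit_writer(path)
    try:
        append_record(billing, "billing", "invoice created")
        append_record(lab, "lab", "result recorded")
        denied = try_read(billing)      # billing cannot read lab's entry
        # Under O_APPEND, seeking to the start does not permit overwriting.
        os.lseek(lab, 0, os.SEEK_SET)
        append_record(lab, "lab", "second entry")
    finally:
        os.close(billing)
        os.close(lab)
    return denied, read_all(path)

if __name__ == "__main__":
    print(demo())
```

Write-only alone would still let a writer seek back and overwrite earlier entries; opening with `O_APPEND` as well is what keeps records written by other services intact.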