Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!sri-spam!ames!ucbcad!ucbvax!UNION.BITNET!GEOFFRIL
From: GEOFFRIL@UNION.BITNET.UUCP
Newsgroups: mod.computers.vax
Subject: Security
Message-ID: <8702200730.AA09940@ucbvax.Berkeley.EDU>
Date: Thu, 19-Feb-87 19:51:00 EST
Article-I.D.: ucbvax.8702200730.AA09940
Posted: Thu Feb 19 19:51:00 1987
Date-Received: Sat, 21-Feb-87 04:03:54 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 20
Approved: info-vax@sri-kl.arpa

RE:  ESJ@ufl's suggestion that students should not see security info
since they might know more than the administrators.
 
We take precisely the opposite perspective.  To begin with, you can assume
a priori that students know more about your system than you do.  If nothing
else, they have far more time to experiment than the rest of us.
 
We cope by stressing that students are colleaguues -- not opponents.  Indeed,
students have been our best "eyes and ears" when others are abusing the
system.  Indeed, I've often challenged them to find the holes in a program
or security technique.  They enjoy the challenge and have spotted subtleties
that escaped more conventional analysis.
 
The bottom line... If you fight your students, you are outnumbered by,
typically 1000 to 1.  If you work with them, you have a tremendous team of
allies.
 
Leo geoffrion,
Skidmore
GEOFFRIL@UNION.BITNET