In response to "Roberts, Jon" <Jon.Roberts@asurion.com>:
> > > In an ideal world, if a user can't modify a function, he/she shouldn't be
> > > able to see the source code. If the user can execute the function, then the
> > > user should be able to see the signature of the function but not the body.
> >
> > I doubt that's going to happen. Mainly because I disagree completely
> > with your ideal world description (any user who can execute a function
> > should have the right to examine it to see what it actually does).
>
> That is like saying anyone that has rights to call a web service should be
> able to see the source code for it.
I think that's a good idea. If vendors were forced to publish their code,
we'd have less boneheaded security breaches.
> There should be the ability to create
> some level of abstraction when appropriate.
I agree. If vendors want to have boneheaded security breaches, they should
be allowed.
> However, in the current configuration, all users with permission to log in
> can see all source code. They don't have rights to execute the functions
> but they can see the source code for them. Shouldn't I be able to revoke
> both the ability to execute and the ability to see functions?
Um ... why did you snip my second paragraph where I said exactly this?
--
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/
wmoran@collaborativefusion.com
Phone: 412-422-3463x4023