Beware "All or Nothing"
The technological base of most modern networking is rather naive with respect to security. It was created on the assumption that connection was good and that networks exist to transmit data and facilitate access to resources. Ah, the innocence of those simpler times. The same was true of most software: it was written to be used. Once you logged into the mainframe or minicomputer or departmental server, you were authorized to do whatever there was to do. The original PC environments had no authorization at all: you turned them on and started typing. This history means that an awful lot of technology's original authorization scheme was "none at all." Adding authorization has not been easy, especially in a client/server environment. In a client/server environment we rarely can be certain of the other end which makes trust difficult to establish and maintain. Early authentication was based mostly on permission schemes layered on after logging in. Early sys admins used permis...