Principle 4: Least privilege (cont.)

In organization
─ don’t give everyone access to root passwords
─ don’t give everyone administrator rights

On computer
─ Run process with minimal set of privileges
─ For example, don’t run web application as root or administrator

For Java application: not the default policy

    // default java.policy entry: extension code gets every permission
    grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
    };

but minimum required

    // forum code may only read and write files directly in /home/forumcontent
    grant codeBase "file:./forum/*" {
        permission java.io.FilePermission "/home/forumcontent/*", "read,write";
    };

CSE825 10
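To see what each of the two grants above actually covers, the following added example (not part of the original slide) asks the JDK's own permission classes whether a grant implies a given request. The class name `PolicyGrantCheck`, the helper `covers`, and the sample requests are constructed for illustration, and Unix-style paths are assumed.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;

public class PolicyGrantCheck {
    // Hypothetical helper: true when the granted permission covers the request.
    static boolean covers(Permission granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        // The two grants from the slide, expressed as Permission objects.
        Permission broad = new AllPermission();
        Permission narrow =
            new FilePermission("/home/forumcontent/*", "read,write");

        // Constructed sample requests a forum application might trigger.
        Permission[] requests = {
            new FilePermission("/home/forumcontent/post1.txt", "read"),
            new FilePermission("/home/forumcontent/post1.txt", "write"),
            new FilePermission("/home/forumcontent/post1.txt", "delete"),
            // "*" matches direct children only, not nested directories.
            new FilePermission("/home/forumcontent/archive/old.txt", "read"),
            new FilePermission("/etc/passwd", "read"),
            // A non-file permission: only AllPermission covers it.
            new RuntimePermission("exitVM"),
        };

        System.out.printf("%-50s %-6s %s%n", "request", "all", "minimal");
        for (Permission r : requests) {
            String label = r.getName() + " [" + r.getActions() + "]";
            System.out.printf("%-50s %-6b %b%n",
                label, covers(broad, r), covers(narrow, r));
        }
    }
}
```

In a `FilePermission` path, a trailing `/*` covers only the files directly in that directory; a trailing `/-` is the form that also covers subdirectories recursively.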