CISSP Exam - Question 165


A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

Correct Answer: D

To ensure secure logging of all user activity, the developer should assign the 'Append' permission to the log file. Append permissions allow new data to be added to the end of a file without overwriting or deleting existing data. This is essential for maintaining the integrity of the log file, as it prevents any modification or deletion of previous log entries, ensuring the security and accuracy of the logged information. Other permissions like 'Write' could allow the modification or deletion of log data, which could compromise the integrity of the log file.
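An added example (not part of the original page) of the append-versus-write distinction in the explanation above, using POSIX open flags from Python: a descriptor opened with `O_APPEND` can only add to the end of the file, while a plain write descriptor on the same file can change an earlier entry. The file name and log lines are constructed, and `O_APPEND` is chosen by the writing process, so on its own it restricts only that descriptor.

```python
import os
import tempfile


def append_entry(path, line):
    """Append one log line through an O_APPEND descriptor."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    try:
        # Seeking back to offset 0 has no effect on where data lands:
        # with O_APPEND the kernel moves to end-of-file before every write.
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, line.encode() + b"\n")
    finally:
        os.close(fd)


def overwrite_start(path, data):
    """Write at offset 0 through a plain write descriptor (no O_APPEND)."""
    fd = os.open(path, os.O_WRONLY)
    try:
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def read_log(path):
    with open(path, encoding="utf-8") as fh:
        return fh.read().splitlines()


def demo():
    """Return (lines after two appends, lines after one plain write)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "activity.log")  # constructed file name
        append_entry(path, "user=alice action=login")   # constructed entries
        append_entry(path, "user=alice action=delete")
        after_append = read_log(path)
        # Same file, same write permission, but no O_APPEND: the first
        # entry is altered in place.
        overwrite_start(path, "user=XXXXX")
        after_write = read_log(path)
        return after_append, after_write


if __name__ == "__main__":
    for state in demo():
        print(state)
```

Making a log append-only for every writer needs a control beyond the read/write/execute mode bits, such as the Linux append-only file attribute (`chattr +a`) or the Windows "Create folders / append data" ACL entry mentioned in the discussion.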

Discussion

17 comments
Rollizo - Option: D
Oct 1, 2022

I think that it is D: Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data (applies to files only). You are not interested in the application deleting previous logs.

jackdryan
May 13, 2023

D is correct

ataaf - Option: C
Oct 11, 2022

The answer is correct. Log files should be write-only so the application can write to them.

Loveguitar
Oct 12, 2022

I get it now, the focus is on the application's permission not the users of the application. Thanks

DMOD
May 13, 2023

Why? Append permissions apply to applications, too.

HughJassole - Option: C
Jun 2, 2023

I am a Linux admin and there is no "append" in Linux. The developer doesn't assign permissions; sysadmins do. The app would need write permission, but for everyone else it should probably be no access or just read.

GPrep - Option: C
Jan 7, 2024

C - I've found no evidence that "append" is actually a file system permissions option. Write would be the right option here. The ability to delete/modify data is included in that, however, if Append isn't a valid option, write is the only option left. If anyone has direct evidence of append being a permission option, I'd like to learn, please share it. Windows has the "create folder / append data" option, though my testing doesn't show it does what I would assume it can do.

Alex71 - Option: D
Feb 27, 2023

The BEST permission the developer should assign to the log file to ensure secure logging of all user activity is the "Append" permission. The "Append" permission allows new data to be added to the end of a file without overwriting or modifying any existing data in the file. This is important for secure logging of user activity because it ensures that the log file cannot be tampered with or modified by anyone, including the application itself. If the log file had the "Write" permission, then it would be possible for someone or something to modify or overwrite existing log data, which could compromise the integrity and security of the log file. The "Read" permission is not relevant for this use case since it only allows someone to view the contents of the file. The "Execute" permission is also not relevant since it only applies to executable files, which the log file is not. Therefore, the "Append" permission is the BEST permission to ensure secure logging of all user activity.

Loveguitar - Option: B
Oct 10, 2022

Shouldn't it be read access, like in WORM (write once and read many) so no one can modify the logs?

Nickolos
Nov 28, 2022

Read access in computing is a permission to access files or directories where the user (or application in this case) is only allowed to read or view, not to make changes. So no, read access would be incorrect for this question.

[Removed] - Option: D
Oct 26, 2022

Approaching this from the perspective of least privilege, D > C in this regard.

Bhuraw - Option: D
Oct 29, 2022

Append is stricter than write

projtfer - Option: D
Oct 8, 2022

I concur with Rollizo, write permission would enable someone to modify, append is the best answer!

franbarpro
Oct 21, 2022

Appending data to a file requires write permission on the file itself.

Yokota - Option: C
Jul 6, 2023

This permission allows writing or modifying the contents of the file, making it essential for the application to log user activity securely.

74gjd_37 - Option: D
Sep 23, 2023

There is the append permission in Windows and in many cloud storage types, see https://en.wikipedia.org/wiki/Append-only

Soleandheel - Option: D
Dec 11, 2023

D. Append. To ensure secure logging of all user activity, the developer should assign the "Append" permission to the log file. This permission allows new log entries to be added to the existing log file without overwriting or deleting the previous entries, ensuring that a complete record of user activity is maintained. It prevents users from modifying or deleting log entries, which is essential for maintaining the integrity of the log file for security and auditing purposes.

GuardianAngel - Option: D
Feb 7, 2024

The following are the common types of rights that can be assigned to log files:

Read: This permission allows users or processes to view the contents of the log file. Reading from log files is essential for monitoring system activity, troubleshooting issues, and analyzing historical data.

Write: This permission allows users or processes to modify or append to the contents of the log file. Writing to log files is necessary for recording new events, updating log entries, or adding additional information.

Execute: In some cases, log files may have execute permissions, allowing them to be executed as scripts or programs. However, this is less common for log files and is typically reserved for executable files.

homeysl - Option: C
Mar 17, 2024

It needs to write the file

klarak - Option: D
Apr 19, 2024

I'm not sure if this question is accurate but I think what they're getting at is D because best practice is to set your log files to Append rather than overwrite previous entries in their log files. The first 3 are irrelevant.

klarak
Apr 23, 2024

Other commenters have me convinced this should be write

CCNPWILL - Option: C
Jun 4, 2024

Read, write, execute.. these are PERMISSIONS. Append isn't a permission.. read, write, execute 3x.. 777.. right? What is the number for append? Answer is C.

Jarn - Option: C
Jun 9, 2024

Answer is C, there is no "Append" permission.