On Wed, Sep 02, 2009 at 08:04:43PM -0700, David Anderson wrote:

> Maybe we should add mechanisms to the server software
> that render it inoperative unless the project admin
> has addressed the basic security issues.
> E.g. nothing works if html/ops is unprotected,

For that you should parse the whole Apache configuration (not everyone
is using .htaccess files to configure authentication). Better would be
to let make_project generate a random password and an appropriate
.htaccess file for the ops pages by default.

> if anything is running as root, etc.

Yes, it would be a good idea if all the daemons/utilities would refuse
to run as root.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
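
The two defaults proposed in this message (a generated password plus .htaccess for the ops pages, and a start-up guard that refuses root), as an added example that is not part of the original e-mail or of BOINC's make_project. It assumes Apache with mod_auth_digest and AllowOverride AuthConfig; the account name, realm, function names and file layout are hypothetical.

```python
import hashlib
import os
import secrets
import sys

REALM = "BOINC ops"   # assumed realm; must match AuthName exactly
USER = "admin"        # assumed account name

class RunningAsRoot(RuntimeError):
    """Raised when a daemon or utility is started with effective UID 0."""

def refuse_root(euid=None):
    # Start-up guard: call first thing in every daemon/utility (Unix only).
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        raise RunningAsRoot("refusing to run as root; use an unprivileged account")

def _write_new(path, text, mode):
    # O_EXCL: never overwrite credentials an admin has already put in place.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as f:
        f.write(text)

def protect_ops(ops_dir, secret_dir, user=USER, realm=REALM):
    # Writes ops_dir/.htaccess and secret_dir/.htdigest (keep secret_dir
    # outside the document root). Returns the password to show the admin once.
    password = secrets.token_urlsafe(24)  # 24 random bytes from the OS CSPRNG
    # htdigest line format: user:realm:MD5(user:realm:password)
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    digest_file = os.path.join(os.path.abspath(secret_dir), ".htdigest")
    _write_new(digest_file, f"{user}:{realm}:{ha1}\n", 0o640)
    htaccess = (
        "AuthType Digest\n"
        f'AuthName "{realm}"\n'
        "AuthDigestProvider file\n"
        f'AuthUserFile "{digest_file}"\n'
        "Require valid-user\n"
    )
    _write_new(os.path.join(ops_dir, ".htaccess"), htaccess, 0o644)
    return password

if __name__ == "__main__":
    try:
        refuse_root()
    except RunningAsRoot as e:
        sys.exit(str(e))
    print("ops password for", USER, "=", protect_ops(sys.argv[1], sys.argv[2]))
```

As the message notes, a generated .htaccess only takes effect where Apache honours per-directory overrides; sites configured centrally need the equivalent directives in the server configuration.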