On Fri Jun 06, 2003 at 05:56:46PM +0200, Oden Eriksson wrote:

> > In the meantime, I suggest we leave this function alone.
>
> Hmmm..., would it be possible to disable it globally and enable it for
> 127.0.0.1 only? Make it work only in CLI mode?

I don't know if you can do this with PHP unless you created 127.0.0.1 as a virtual host with the directive overridden in the <VirtualHost> section.

> One of the goals to be "innovative" for the next Mandrake release could be to
> lock down as much as possible from start. Kind of when Vincent disabled root
> logins in openssh, I liked that even though it break stuff and make some
> people pissed;) My earliest apache2 packages comes to my mind too, it really
> made people pissed when everything was monster splitted and not even mod_dir
> was installed per default;)
>
> Well. It's just an idea as good as any.

Personally, I liked it. =) But some people do not approve of my proactive approach to security. I suppose they like the reactive approach better. Ah well... it all boils down to "you can't please everyone all the time"... I suppose it's better to make the majority happy and hope that only stupid people get bit by the unnecessary exposure. <shrug>

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
