On Sunday, 6 July 2008, Mats wrote:
> I am so glad that a concern plus two kind suggestions by a newcomer to
> the fine Pylons community, was addressed by sarcasm (paragraph 2) and
> "that I deserve to get hacked" (paragraph 3) as a response.

Sorry, I didn't mean to be harsh. But you sounded like you found the answer while posting to the mailing list but wanted to complain anyway. The warning is there. And if someone really deploys an application with debug mode on (which means the default INI file was trashed) then that's what I meant by "they deserve to get hacked". Like my father-in-law who clicks on any warning dialog without even reading it. :)

> After further pondering, I feel this is a valid concern (not addressed
> in docs or startup script),

I second the idea to only bind the web server to localhost so nobody else can access the application during development unless the developer explicitly says so. But I'm contra disabling the beautiful interactive debugger by default - people might miss it out accidentally and it's one of the reasons I favor Pylons over anything else.

One thing I definitely second is that the documentation needs a little going-over. So if you didn't find the deployment information in the first place that's understandable.

Cheers
Christoph

--
When you do things right people won't be sure you've done anything at all.
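The two conditions discussed in this message, debug mode left on and a server bound to a non-loopback address, can be checked before deployment. The script below is an added example, not code from the thread or from Pylons. The sample INI is constructed, and two simplifications are assumed: `set debug` in an app section takes precedence over an inherited `debug`, and a server section without `host` listens on 127.0.0.1.

```python
import configparser
import ipaddress

TRUE_VALUES = {"1", "true", "yes", "on", "y", "t"}

# Constructed sample in Paste Deploy layout; not taken from the thread.
RISKY_INI = """\
[DEFAULT]
debug = true

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

[app:main]
use = egg:myapp
#set debug = false
"""

def is_loopback(host):
    """True only for 'localhost' or a loopback IP literal."""
    host = host.strip()
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostname: assume it is reachable from outside

def audit_ini(text):
    """Return (section, problem) pairs for debug-on apps and exposed servers."""
    cp = configparser.RawConfigParser()  # raw: leaves %(here)s uninterpolated
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section.startswith("app:"):
            # Assumption: 'set debug' wins, else 'debug' (inherits [DEFAULT]).
            inherited = cp.get(section, "debug", fallback="false")
            value = cp.get(section, "set debug", fallback=inherited)
            if value.strip().lower() in TRUE_VALUES:
                findings.append((section, "debug enabled"))
        elif section.startswith("server:"):
            # Assumption: a missing host means 127.0.0.1.
            host = cp.get(section, "host", fallback="127.0.0.1")
            if not is_loopback(host):
                findings.append((section, "listens on non-loopback host " + host))
    return findings

if __name__ == "__main__":
    for section, problem in audit_ini(RISKY_INI):
        print(f"[{section}] {problem}")
```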
