It's okay; glad I could help / offer insight. =) Also thank you Mike for mentioning how to restrict allowed subnets -- I didn't realize that was an allowed-ip-addresses netmask; one might consider renaming it to something other than 'host' (e.g. 'allowed_subnet 127.0.0.1 # (0.0.0.0 to allow any client on the internet)') unless this is standard nomenclature.
Best wishes, Mats On Jul 6, 3:09 pm, Christoph Haas <[EMAIL PROTECTED]> wrote: > On Sonntag, 6. Juli 2008, Mats wrote: > > > I am so glad that a concern plus two kind suggestions by a newcomer to > > the fine Pylons community, was addressed by sarcasm (paragraph 2) and > > "that I deserve to get hacked" (paragraph 3) as a response. > > Sorry, I didn't mean to be harsh. But you sounded like you found the answer > while posting to the mailing list but wanted to complain anyway. The > warning is there. And if someone really deploys an application with debug > mode on (which means the default INI file was trashed) then that's what I > meant by "they deserve to get hacked". Like my father-in-law who clicks on > any warning dialog without even reading it. :) > > > After further pondering, I feel this is a valid concern (not addressed > > in docs or startup script), > > I second the idea to only bind the web server to localhost so nobody else > can access the application during development unless the developer > explicitly says so. But I'm contra disabling the beautiful interactive > debugger by default - people might miss it out accidentally and it's one > of the reasons I favor Pylons over anything else. > > One thing I definitely second is that the documentation needs a little > going-over. So if you didn't find the deployment information in the first > place that's understandable. > > Cheers > Christoph > -- > When you do things right people won't be sure you've done anything at all. > > signature.asc > 1KDownload --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
