Hi, I would like to start a bit controversial discussion about the topic indicated in the subject.
"Is listing your site on http://trac.symfony-project.com/wiki/ApplicationsDevelopedWithSymfony a security issue?" It happens already now that somebody announces on this list her or his new site and the next comment is "you should remove your frontend_dev.php" Lets just assume there is a bug inside symfony that does this or that. Might be a more severe one, that might dump database information or similar. Further assume this bug exposes a way to exploit it. Isnt it then a risk to provide the attacker with such a densely populated list of urls he can directly attack? What is the purpose of this list at the moment? Showing that the framework is good enough? Couldn't it be changed to some kind of testimonial system with just giving emails where you can ask for references? And what about building in more security by default? e.g. accepting just localhost connections by default in the _dev frontends (which have to be consciously be modified to enable remote logins?) What do you think? .: Fabian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
