https://bugzilla.wikimedia.org/show_bug.cgi?id=63961
--- Comment #5 from Chris Steipp <[email protected]> --- I prefer a whitelist for two reasons: * When we have security issues that effect the outbound connection (the curl-imap overflow, and need I even bring up heartbleed), then forcing a delay between when someone setting up a hostile server to exploit the flow and getting requests from wmf servers is a good thing. * If an attacker is running a 0-day attack, and gets the url approved before we patch our servers, we at least have an audit log of who requested and approved the url whenever we figure out it's hostile. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
