-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oden Eriksson wrote: > fredagen den 6 juni 2003 15.03 skrev Jean-Michel Dault: > > > Hmmm..., would it be possible to disable it globally and enable in for > 127.0.0.1 only? Make it work only in CLI mode? > > One of the goals to be "innovative" for the next Mandrake release could be to > lock down as much as possible from start. Kind of when Vincent disabled root > logins in openssh, I liked that even though it break stuff and make some > people pissed;) My earliest apache2 packages comes to my mind too, it really > made people pissed when everyting was monster splitted and not even mod_dir > was installed per default;) > > Well. It's just an idea as good as any. >
Well, I think phpinfo should not be available by default. How about patching it, so that if phpinfo is disabled (I don't know how it works, so I'm guessing this s possible), it returns a message such as "phpinfo is an insecure function, if you really need it, re-enable it in php.ini, if you just want to test if php works, you already have". Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+4L/rrJK6UGDSBKcRAqaSAKCd1d+TCO8XszhYNFoHzcrcEtEKNQCcCfaO sMVoTYHfrzWWKDwgNSFAlhI= =0ytQ -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ******************************************************************
