Le ven 06/06/2003 à 12:34, Vincent Danen a écrit : > > > In the meantime, I suggest we leave this function alone. > > Hmmm..., would it be possible to disable it globally and enable in for > > 127.0.0.1 only? Make it work only in CLI mode? > > One of the goals to be "innovative" for the next Mandrake release could be to > > lock down as much as possible from start. Kind of when Vincent disabled root > > logins in openssh, I liked that even though it break stuff and make some > > people pissed;) My earliest apache2 packages comes to my mind too, it really > > made people pissed when everyting was monster splitted and not even mod_dir > > was installed per default;) > Personally, I liked it. =) But some people do not approve of my proactive > approach to security. I suppose they like the reactive approach better.
Why don't we disable /proc? It's pretty insecure... Why don't we patch pam so we need an 8-digit password with capitals, numbers, punctuation otherwise it's not accepted? Why don't we disable the autologin feature that means anyone can access the system without username and password? Why don't we setup lilo so it has a mandatory password by default? There is a balance between security and convenience. There are things you suggested which got into Apache even though I knew there would be some backlash around it, but that I accepted since most users take default settings and don't fiddle with them. In this case, it made sense. But taking the function that 99% of people use first when developing a web site is asking for serious trouble. As I said, the moment the PHP group accepts this, I'm in, as this will be covered extensively by the manual, support websites, and howtos. If you want to be proactive, send a mail to [EMAIL PROTECTED], and see his reaction ;-) -- Jean-Michel Dault <[EMAIL PROTECTED]>