On Mon Mar 04, 2002 at 10:08:08PM -0500, Levi Ramsey wrote: > > Apache works just *fine* without Indexes. And because it is, > > potentially, a security hole (through inappropriate disclosure), the > > end user should be forced to enable it where appropriate... which is > > exactly the case. > > Yes, but every case that I can think of where a security problem was > caused by Indexes was in reality a case of putting a sensitive file in a > web-accessible directory. The indexing itself is not a problem, imo.
You're right. Think of it as security through obscurity. Not much, in terms of security, but it does add some extra protection, which can be useful for newbies who don't really know what they're doing. I also only make reference to the newbies here because everyone else seems to want to continually point out that Mandrake is for newbies, so those who want to use Mandrake as an "expert" (I guess) are stuck with some newbiezed software configured in a newbiezed way. (not that I believe Mandrake is just for newbies at all) -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.8-34.1mdk uptime: 41 days 2 hours 5 minutes.
msg58407/pgp00000.pgp
Description: PGP signature
