Hi again! * Jeremy T. Bouse <jbo...@debian.org> [2010-02-01 18:19:31 CET]: > Moritz Muehlenhoff wrote: > > An additional possibility might be to limit the scope of security support > > to local, trusted users behind an authenticated HTTP zone. We're doing that > > for a few applications already, e.g. sql-ledger or ocsinventory. > > You wouldn't expose your accounting or hardware inventory to untrusted > > users and the same should apply to IDS results. > > In which case this is a non-issue to anyone who uses the default Apache > configuration which limits access to localhost and has since 1.2.7.
In this case I guess we can close this bug for lenny. Is this fine with you, Moritz? Thanks for the quick responses! Rhonda -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org