On 5/1/2011 9:51 AM, Camaleón wrote:
Regarding the Suhosin module, it should be disabled by default unless you
are not using Apache web server. Review "/usr/share/doc/roundcube-core/
News.Debian.gz" file.
Camaleón, thank you. This is what I needed to know. I indeed do not
use Apache, but Lighttpd.
; Transparent Encryption Options
;suhosin.session.encrypt = on <-- default
suhosin.session.encrypt = off <-- after reading the above
The problem is now resolved.
However, this is very strange because everything worked fine under Lenny
w/ RC 0.3.1 from backports. Note the RC version didn't change with
Squeeze. Also, I checked the date stamps on all the relevant config
files, and none of those were overwritten by the Squeeze upgrade.
I don't know where to verify it, but I'm guessing that PHP5 in Lenny
didn't have Suhosin compiled in and enabled by default, but Squeeze
does. If this is the case, the Squeeze upgrade should have thrown up a
warning about this issue. Allowing a server application to simply be
totally broken after an upgrade, and leaving it to the SA to figure out
what broke, with zero errors in any logs to point him/her in the right
direction, is not acceptable IMO.
Thanks again Camaleón.
--
Stan
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4dbdf15d.7050...@hardwarefreak.com
