Martin Hejl wrote:
The short version is that it's a sane default, and somebody who wants to
get rid of libwrap checking can simply add "ALL: ALL" to hosts.allow.
IMHO, the default config should not be as open as possible, but rather
as secure as possible, and somebody who wants to open the box to the
outside world has to make the change manually.

Agreed and seconded!

As to why, several rules of good security are in play:

First is "Security in Depth." If the firewall fails or is misconfigured, then the tcpwrappers will be a second line of defense.

Second is the rule that states one should close all ports as much as possible.

Lastly, consider that tcpwrappers are more flexible than the standard firewall. Logging and other details are done, and the wrappers are used on a per daemon basis.


_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
