On Thu, September 28, 2006 8:42 am, Zhasper wrote: > On 9/28/06, Voytek Eymont <[EMAIL PROTECTED]> wrote:
> I'd suggest that a more effective strategy might be to talk to your > users; tell them what you've found, why it's unacceptable, and what action > you'll be taking if you discover anything similar in future. Also make it > clear to them how they can check things with you before they install, and > be proactive in helping them find solutions that don't compromise your > security - for instance, sticking phpmyadmin behind a .htaccess file. thanks, Zhasper yes, I will, clearly, I need to spell it out, it's obvious I overestimated users' grasp of security, etc., or, in fact, his ability to understand what's good and proper: a php shell script the user installed had clear warning 'do not place this on your server without admin's permission' -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html