It's not holes per se, but it could be unexpected. Many sites do NOT want to
grant their users the ability to use .htaccess files (increased overhead for
example).
Kurt Seifried, kurt@seifried.org
PGP Key ID: 0xAD56E574 Fingerprint:
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/
----- Original Message -----
From: "Christian Westphal"
Ermmm... enabling things like authconfig override by default makes for all sorts of potential problems/weirdness. If someone wants to use authconfig and can't be bothered to enable it they probably won't be using it correctly anyways. Sticking in some examples and commenting them out is probably sufficient.
Hm, you will be right...
Actually, I don't see real security holes in enabling it by default. Something I missed?
Thanks a lot!
Chris