Hello,

On Monday, 13 February 2012, Ralf Lang wrote:
> On 13.02.2012 14:55, Christian wrote:
>> Yes, I agree partly. As an example, postfix is installed by default, but should not be open to the world. OK. But when I "definitely" install a webapp (webmailer) I want to have it "work" when I start apache. I like "ready-to-run" installations. ;)
>
> I like them too. On local network.
>
> * But making an app run which requires a specific apache extension requires restarting (reloading?) apache and disturbing running operations. I do not want this triggered by rpm.

Do you want a bug report for phpMyAdmin? ;-) (it does /etc/init.d/apache2 try-restart in %post and %postun)

Oh, and it should have the apache2 package in the Requires ;-)

Ah, and I just found out why I always get a /etc/phpMyAdmin/config.inc.php.rpmnew - %post has a sed command that modifies config.inc.php. Now combine that with a %config %noreplace and you'll get your *.rpmnew.

It would be a good idea to move blowfish_secret and the fqdn to a separate file (which is modified by sed) so that config.inc.php can stay unmodified (if the admin is happy with the defaults) and just include the sed'ed file. (I'll open an enhancement request if you don't object ;-)

> * Some apps expose functionality which you don't want to offer via web. Example: Horde comes with a system shell and a php shell for admins. The default config authenticates anyone as the administrator until another backend is configured. If you have a system with relaxed /home/ security this means anybody who can access your host can browse all users' data.

That's a security bug (insecure default configuration), please open a bug report (upstream) and/or fix it.

> I don't like that.

I'm sure everybody agrees ;-)

> Granted, most web apps don't provide such and it could be configured away. But still.

In other words: Most web apps are secure even without restricting access to it to localhost. The few remaining cases need to be fixed, and no, "allow from 127.0.0.1" is _not_ a fix.

Regards,

Christian Boltz
-- 
A killfile is the natural habitat of trolls and elks. When someone joins them, funny noises result, such as PLONK. Sometimes it also goes SPLASH, when the habitat is already overpopulated. [David Dahlberg]
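
The split proposed in the message above for phpMyAdmin, as an added sketch that is not the package's actual scriptlet: %post writes the host-specific values to a separate file and never edits the packaged config.inc.php. The file name config.local.inc.php, the use of PmaAbsoluteUri for the fqdn, and the URL path are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: config.local.inc.php, PmaAbsoluteUri as the
# setting that receives the fqdn, and the /phpMyAdmin/ URL path.
# The packaged config.inc.php would end with:
#   include '/etc/phpMyAdmin/config.local.inc.php';
# and is never edited, so %config(noreplace) has no reason to drop a .rpmnew.

# write_local_config CONFDIR FQDN
# Called from %post. Creates the host-specific file once and leaves it alone
# on upgrades, so the secret stays stable and admin edits survive.
write_local_config() {
    confdir=$1
    fqdn=$2
    local_file="$confdir/config.local.inc.php"

    # The value is written into a PHP string literal: accept host-name
    # characters only, so a quote or backslash can never reach the file.
    case $fqdn in
        ''|*[!A-Za-z0-9.-]*)
            echo "write_local_config: invalid host name" >&2
            return 1 ;;
    esac

    # Upgrade or reinstall: keep what is already there.
    if [ -e "$local_file" ]; then
        return 0
    fi

    # 16 bytes from the kernel CSPRNG, hex-encoded (32 characters).
    secret=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')

    tmp="$local_file.$$"
    (
        umask 077   # the file holds a secret: owner-only from creation on
        {
            printf '<?php\n'
            printf "\$cfg['blowfish_secret'] = '%s';\n" "$secret"
            printf "\$cfg['PmaAbsoluteUri'] = 'https://%s/phpMyAdmin/';\n" "$fqdn"
        } > "$tmp"
    ) || return 1
    mv "$tmp" "$local_file"   # rename, so readers never see a partial file
    # A real package would now chgrp the file to the web server's group and
    # chmod 0640 so PHP can read it; omitted because the group name varies.
}
```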