It's not holes per se, but it could be unexpected. Many sites do NOT want to grant their users the ability to use .htaccess files (increased overhead for example).

Kurt Seifried, kurt@seifried.org
PGP Key ID: 0xAD56E574
Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/

----- Original Message -----
From: "Christian Westphal" <christian.westphal@insyte.de>
To: "'SuSE-Security'" <suse-security@suse.com>
Cc: "'Kurt Seifried'" <listuser@seifried.org>
Sent: Monday, September 10, 2001 5:24 AM
Subject: AW: [suse-security] Apache on SuSE 7.2 and .htaccess

Ermmm... enabling things like authconfig override by default makes for all sorts of potential problems/weirdness. If someone wants to use authconfig and can't be bothered to enable it they probably won't be using it correctly anyways. Sticking in some examples and commenting them out is probably sufficient.
Hm, you will be right...
Actually, I don't see real security holes in enabling it by default. Something I missed?
Thanks a lot!
Chris