Bug#373235: [pkg-horde] Bug#373235: update for README.Debian for horde3

Dan Pritts danno at internet2.edu
Wed Jun 14 13:36:10 UTC 2006

On Wed, Jun 14, 2006 at 11:56:43AM +0200, Ola Lundqvist wrote:
> > 		Options Indexes MultiViews FollowSymLinks
> > 		AllowOverride None
> > 		Order deny,allow
> > 		Deny from all
> > 		Allow from  # ADD YOUR NET HERE
> > 	    </Directory>
> > 
> > 	For security during configuration, you'll need to put the IP address or
> > 	network block *of the system where you are running your web browser*
> > 	to the "Allow From" line.  Once you are done, you can probably say
> > 	"Allow from all".
> Currently configuration is disabled by default, so it is not needed
> for security reasons... Or?
I agree that this isn't really necessary - it would just limit
the exposure during the time the user is configuring horde, before
they install the generated configuration.  

Not a problem at all if they copy-n-paste their configuration files.

Potentially a problem if they make /etc/horde/ writeable by the web
server and then never finish their configuration.

> > It wouldn't hurt my feelings if you got rid of the default deny from
> > the example configuration, I can imagine that might generate lots of
> > support requests.
> I have not got a single one in the last months, so no I think it is pretty
> clear... :)

I meant the additions I was suggesting.

dan pritts - systems administrator - internet2
734/352-4953 office        734/834-7224 mobile

More information about the pkg-horde-hackers mailing list