--- Sean Conner <spc@xxxxxxxxxx> wrote: > It was thus said that the Great Jaqui Greenlees once > stated: > > > > > You could check the php config and other details > at > > > http://82.222.170.52/i.php > > > > This was not a good idea, this list has publicly > > accesable archives of all messages. > > And how is this any different than when it's > requested to post > configurations here, unaltered, for help in > debugging? (sorry, "security > through obscurity" is a hot button topic for me, one > that I don't believe > in). > It's different in that the SERVER IP isn't part of a message with the data in it. Not only is the configuration data there, you have the publicly accessable ip number for the server. the configuration data psted as part of the message, no ip number for someone to use to try to break the system. [ not that apache or linux are that vulnerable to such, compared to Windows and IIS or Microsoft Server. ] > > > We are using Redhat Enterprise Linux 4, we are > > > installing apache , php , and modules from > source. > > > > Why not use the RHEL supplied packages? it would > > simplify the administration and patching for bugs > and > > security issues. > > I found the exact opposite. Using the tarballs to > install has been by far > easier on me than expecting the various package > managmenet tools to work > correctly (I've been burned by apt-get, yum and > emerge too many times to > even bother with them any more). > I personally wouldn't use RHEL or Suse either, both use YUM, both throw really stupid requirements into package dependencies. [ what binary distro doesn't though? ] I was thinking more the maintenance with patching, than the basic installation being easier with a package manager. DIY or LFS are the two distros I think are worth using, a 100% from source, no automated tools build, [ DIY being build scripts, not a installer script ] no bogus dependencies foisted on you by someone else, no bloatware GUI forced on you, no really stupid disable root account type decisions to have to fix. [ can ya tell I'm not happy with most distros? ;) ] I only once, in the last 9 years, have had a single issue caused through an update from a distro supplied package manager, Mandrake 8.2 broke Apache with a mod_perl update. Jaqui __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|