On Sun, 21 July 2013 23:54, Richard W.M. Jones wrote:
> On Sun, Jul 21, 2013 at 07:39:50PM +0200, drago01 wrote:
>> On Sun, Jul 21, 2013 at 6:47 PM, Jared K. Smith <jsmith@xxxxxxxxxxxxxxxxx> wrote:
>>> On Sat, Jul 20, 2013 at 12:53 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
>>>>
>>>> I'm not sure if I'm missing anything here, but is it intended that
>>>> webapps should not be accessible from anywhere but localhost by default?
>>>
>>> That's my understanding, yes. It follows from the general understanding
>>> that network-accessible daemons (with perhaps the exception of sshd) should
>>> not be accessible from outside of localhost by default.
>>>
>>> Now I'm curious... do you have a particularly strong reason why web apps
>>> should be different than any other network daemon?
>>
>> Because they aren't. The daemon in this case is httpd, not the webapps.
>
> I guess each web app increases the attack surface (versus just httpd
> serving only flat files).
>
> Returning to the .rpmnew point, isn't it possible to have the web
> service include an alternative configuration file which would override
> the defaults? That way the "pristine" configuration file from RPM
> would be unchanged, and therefore upgradable.

Another possibility would be to deploy the default confs in a separate dir,
with a symlink to the effective dir. Want to change the default conf, break
the symlink, rpm can continue to update the link target with no side effects.

--
Nicolas Mailhot

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
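
The symlink layout proposed in the last message, worked through as an added shell example (not code from the thread or from any Fedora package). It assumes the package creates the symlink only when nothing exists at the effective path; the directory names, app names and config text are hypothetical placeholders built in a temporary directory.

```shell
#!/bin/sh
# Constructed layout in a temp dir; directory names and config text are
# hypothetical placeholders, not real Fedora paths or httpd directives.
ROOT=$(mktemp -d); trap 'rm -rf "$ROOT"' EXIT
DEFAULTS="$ROOT/usr/share/webapp-defaults"  # package-owned, rewritten on update
EFFECTIVE="$ROOT/etc/httpd/conf.d"          # directory the web server reads

# What the package does on install or update: rewrite its default, and
# create the symlink only if nothing (file or link) is there yet.
pkg_install() {  # $1 = app, $2 = default config text
    mkdir -p "$DEFAULTS" "$EFFECTIVE"
    printf '%s\n' "$2" > "$DEFAULTS/$1.conf"
    if [ ! -e "$EFFECTIVE/$1.conf" ] && [ ! -L "$EFFECTIVE/$1.conf" ]; then
        ln -s "$DEFAULTS/$1.conf" "$EFFECTIVE/$1.conf"
    fi
}

# What the admin does to diverge: break the link first. Writing through
# the symlink would edit the package-owned default instead.
admin_override() {  # $1 = app, $2 = local config text
    rm -f "$EFFECTIVE/$1.conf"
    printf '%s\n' "$2" > "$EFFECTIVE/$1.conf"
}

# Audit helper: is an app on the packaged default or a local override?
conf_state() {  # $1 = app
    f="$EFFECTIVE/$1.conf"
    if [ -L "$f" ]; then
        if [ -e "$f" ]; then echo default; else echo dangling; fi
    elif [ -f "$f" ]; then echo overridden
    else echo missing
    fi
}

effective_conf() { cat "$EFFECTIVE/$1.conf"; }

pkg_install appA "access: localhost only (v1)"
pkg_install appB "access: localhost only (v1)"
admin_override appB "access: internal network (local choice)"
# Package update: both defaults change, only appA's effective config follows.
pkg_install appA "access: localhost only (v2)"
pkg_install appB "access: localhost only (v2)"
for app in appA appB; do
    printf '%s: %s -> %s\n' "$app" "$(conf_state "$app")" "$(effective_conf "$app")"
done
```

An overridden app keeps its local file across updates and therefore stops receiving changes to the packaged default, so the `conf_state` output is the list of configs to re-review after each update.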