Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: ZoneMinder - Linux CCTV package https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220931 ------- Additional Comments From tibbs@xxxxxxxxxxx 2007-06-24 16:19 EST ------- I didn't realize that the files were actually served directly out of the events directory. Your solution seems to be about as good as possible, except that in addition I think you could consider disabling indices in those directories (or everywhere in the zm directory). Frankly I don't understand why it might be useful to have them enabled. You might also consider documenting how to disable the zoneminder's login and set up regular Apache access control in this case. It's really not much protection as it should be trivial to guess the directory structure there; zm would have to switch to using random strings instead of whole numbers starting at 1 for cameras and events if the authors don't want to switch to serving that data via a CGI. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review