Webapps denying all outside access by default?

Richard W.M. Jones rjones at redhat.com
Sun Jul 21 21:54:13 UTC 2013


On Sun, Jul 21, 2013 at 07:39:50PM +0200, drago01 wrote:
> On Sun, Jul 21, 2013 at 6:47 PM, Jared K. Smith
> <jsmith at fedoraproject.org> wrote:
> > On Sat, Jul 20, 2013 at 12:53 PM, Adam Williamson <awilliam at redhat.com>
> > wrote:
> >>
> >> I'm not sure if I'm missing anything here, but is it intended that
> >> webapps should not be accessible from anywhere but localhost by default?
> >
> >
> > That's my understanding, yes.  It follows from the general understanding
> > that network-accessible daemons (with perhaps the exception of sshd) should
> > not be accessible from outside of localhost by default.
> >
> > Now I'm curious... do you have a particularly strong reason why web apps
> > should be different than any other network daemon?
> 
> Because they aren't. The daemon in this case is httpd, not the webapps.

I guess each web app increases the attack surface (versus just httpd
serving only flat files).

Returning to the .rpmnew point, isn't it possible to have the web
service include an alternative configuration file which would override
the defaults?  That way the "pristine" configuration file from RPM
would be unchanged, and therefore upgradable.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

