On 21.07.2013 19:39, drago01 wrote:
> On Sun, Jul 21, 2013 at 6:47 PM, Jared K. Smith
> <jsm...@fedoraproject.org> wrote:
>> On Sat, Jul 20, 2013 at 12:53 PM, Adam Williamson <awill...@redhat.com>
>> wrote:
>>>
>>> I'm not sure if I'm missing anything here, but is it intended that
>>> webapps should not be accessible from anywhere but localhost by default?
>>
>>
>> That's my understanding, yes. It follows from the general understanding
>> that network-accessible daemons (with perhaps the exception of sshd) should
>> not be accessible from outside of localhost by default.
>>
>> Now I'm curious... do you have a particularly strong reason why web apps
>> should be different than any other network daemon?
>
> Because they aren't. The daemon in this case is httpd, not the webapps

but the danger is not an up-to-date httpd; the danger is blindly installed and not properly configured web-apps on default paths - it takes *minutes* before the first bot will find your application.

What attack should happen to a naked httpd?
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel