Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Thu, Apr 19, 2001 at 02:11:24PM +1000, Craig Sanders wrote:
> On Thu, Apr 19, 2001 at 03:16:52AM +0200, PiotR wrote:
> > Seriously, i think you are missing the contact with reality in this
> > issue.
>
> actually, you are the one who is out of touch with reality.
>
> > When you start compromising usability in favor of security, you are
> > beening PARANOID.. And that is what is wrong in /etc/hosts.deny.
>
> security is *always* a compromise of usability. it is an inherent
> trade-off which can not be avoided.
>
> a completely open system is very usable...no annoying barriers to
> whatever action you want to perform, no wasting time with passwords or
> getting file permissions right or any other obstacle. just go ahead and
> do it.
>
> the trouble is that anyone else is also able to just go ahead and do
> whatever they want too. in order to prevent unauthorised people from
> messing with your system you have to compromise some of your usability.
>
> > Specially when we are talking about DEBIAN DEFAULTS!
>
> if you don't like the default, then change it.
You are the one that should change it, since you are the one who demands specially exquisite security.
>
> debian provides a huge selection of text editors which will help you do
> that.
Who wants that if you have an hex editor arround?
>
> > Note that the majority of debian users don't have to be networking
> > gurus by default.
>
> true. that's exactly why we should provide secure defaults...so that
> their lack of expertise does not ensure that their system will be hacked
> within 5 minutes of it going live on the internet.
Removing ALL: PARANOID from /etc/hosts.deny wont lead to any hacked system, so It seems you don't know what we are discussing in this thread.
>
> craig
--
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/
piotr@omega.resa.es
Reply to: