[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 04:57:50PM -0700, Nathan Dabney wrote:
> I am sorry, I didn't mean to compare them in seriousness, I was thinking more 
> along the lines of "having it secure by default is better than installing
> a hackable system on purpose."

Yes, but that's assuming that PARANOID makes things more secure.  PARANOID
can only be as secure as the DNS records it relies on, which is why it should
be eliminated.

> I am a firm believer in the idea that we should aim for secure by default when
> making decisions like this.  Do you agree?  
> For those of you who do not like PARANOID, what would you suggest without
> reducing the protection?  Does ALL: ALL with some commentary explaining where
> the user can go for more information sound good?

No.  We should ask the user during installation what networks he wants to
allow access from, and force him to enter IP addresses/CIDR blocks.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: