On Jan 19, Josselin Mouette <josselin.mouette@ens-lyon.org> wrote: >Le lun 19/01/2004 à 15:40, Marco d'Itri a écrit : >> If you feel that a listening portmap is such an unacceptable security >> risk then have it accept only connections from localhost by default, and >> ask admins to configure /etc/hosts.allow (like they are supposed to do >> anyway). >And then you'll break all installed servers using NFS, NIS and so on >upon upgrade. Not "all installed servers", just the ones which have not been even minimally hardened by their own adminstrators. And this is perfectly acceptable to me, by using the usual hosts.allow mechanism we are going to encourage good security practices for free. -- ciao, | Marco | [4199 taKsrzilVjyUo]
Attachment:
signature.asc
Description: Digital signature