Bug#23661: usr/doc should not be accessible through http servers by default
Here's an issue. About two years ago there was a proposal that the
default httpd setup should not allow /usr/doc to be remotely
accessible, as it's a huge security risk. (Yes, we're talking about a
small amount of "security through obscurity" here, but we don't need
to hand crackers this information on a golden plate.)
Nothing appears to have been done about it.
Where do we go from here? Do we steam ahead and make it policy or
what? Are there any good reasons why this *shouldn't* be done?
Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
Debian GNU/Linux Developer, see http://www.debian.org/~jdg
Donate free food to the world's hungry: see http://www.thehungersite.com/
Reply to: