[Bug 189195] Review Request: horde - php application framework
bugzilla at redhat.com
bugzilla at redhat.com
Thu Dec 21 17:30:26 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: horde - php application framework
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189195
------- Additional Comments From fedora at theholbrooks.org 2006-12-21 12:30 EST -------
Spec URL: http://theholbrooks.org/RPMS/horde.spec
SRPM URL: http://theholbrooks.org/RPMS/horde-3.1.3-8.src.rpm
Thanks for the dialog guys, this is going to be one solid package by the time it
gets approved :D
Greg is right about registry.php, that's the one file I had to edit in order to
relocate the config files to an arbitrary location. Whether they reside in
/etc/horde or /var/lib/horde is a very trivial change and completely up to you..
I'm also not sure which is more appropriate.
I've also added some additional Apache security params per Greg's suggestion in
comment 27, which also addresses your question about test.php: it's now only
accessible from localhost. I did NOT include horde's recommended "expose_php
off" or "display_errors off" because they seem a little TOO paranoid at the
application-level, and more appropriate for the sysadmin to set globally if he
desires.
Finally, I've added a LOT more to README.fedora, including being more specific
about the security implications of opening horde to the world and a whole
paragraph of additional recommended actions (pear modules and such)
Incidentally, horde flips out if you access it at http://localhost/horde/ and
logs: "Session cookies will not work without a FQDN and with a non-empty cookie
domain". It causes my FF to reload infinitely until it freezes and has to be
'kill -9'ed. Using http://localhost.localdomain/horde/ or
http://127.0.0.1/horde/ has no problems. Should we mention this in the README?
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list