Re: 20 minutes with Phoebe3 were enough to find a number of bugs

On Fri, 21 Feb 2003 12:08:14 +1100, Michael Wardle wrote:

[not creating at least one ordinary user]

> Here are some examples where you don't want to:
> - a mail or Web server where you only ever log in to administrate it
> - a machine that uses a remote user database (NIS, LDAP, etc.)
> - you would prefer to create the user using a different tool
> (these are not intended as flawless, definitive examples, but rather 
> simply to illustrate the point.)

IMHO, especially on a Web server you should administer your pages,
scripts and databases as an ordinary user. As a last resort, you
could use user "apache", but you should only ever *be* "root" when
superuser capabilities are absolutely required.

Anyway, I think a big fat warning after installation is not enough.
Even having to click "on my own risk" instead of just a yes/no
button would make it too easy for lazy people or all those who don't
create a normal user account because as normal user they run into

Forcing creation of a user account is not a bad thing, because when
it can be circumvented after installation by editing a file, that
would be an extra step, but it doesn't take away your freedom to do
what you want (if you really know what you are doing).
