** Sometime around 15:06 -0500 02/07/2003, Nick Simicich sent everyone:
>You know, I have another alert: You might have meant for no one to
>sign up for this list, but the default is to let people sign up!
>The most restrictive defaults should be picked in all cases, of
>course, so the default should be to not let people sign up! And to
>not let people use the list at all! And to restrict all English
>words from being in a posting, because if people are allowed to use
>language in mailing list postings, they could accidentally give away
>secrets!
Nick,
I agree with your overall assessment that the "security alert" is
B.S. However, default settings should be reasonable. For example,
setting defaults so that no one can sign up for a new list is
arguably not particularly useful in most cases [1]; OTOH, defaulting
which_access to closed/list/private/something-anything other than
"open" is probably smarter than defaulting it to open.
Other comments still apply, including RTFM/RTFDOC when setting up a
server of any sort. And as we all know, sysadmins have nothing but
time on their hands... ;-)
--
__________________________________________________________________________
Vince Sabio vince@vjs.org
[1] Yes, I know you were merely making a point. I borrowed your point
to make another one. ;-)
Follow-Ups:
References:
|
|
