Le Dim 21 juillet 2013 23:54, Richard W.M. Jones a écrit :
On Sun, Jul 21, 2013 at 07:39:50PM +0200, drago01 wrote:
On Sun, Jul 21, 2013 at 6:47 PM, Jared K. Smith jsmith@fedoraproject.org wrote:
On Sat, Jul 20, 2013 at 12:53 PM, Adam Williamson
wrote:
I'm not sure if I'm missing anything here, but is it intended that webapps should not be accessible from anywhere but localhost by
default?
That's my understanding, yes. It follows from the general
understanding
that network-accessible daemons (with perhaps the exception of sshd)
should
not be accessible from outside of localhost by default.
Now I'm curious... do you have a particularly strong reason why web
apps
should be different than any other network daemon?
Because they aren't. The daemon in this case is httpd, not the webapps.
I guess each web app increases the attack surface (versus just httpd serving only flat files).
Returning to the .rpmnew point, isn't it possible to have the web service include an alternative configuration file which would override the defaults? That way the "pristine" configuration file from RPM would be unchanged, and therefore upgradable.
Another possibility would be to deploy the default confs in a separate dir, with a symlink to the effective dir. Want to change the default conf, break the symlink, rpm can continue to update the link target with no side effects.