[dev] default backends
Vilius Šumskas
vilius at lnk.lt
Tue Feb 15 18:07:39 UTC 2011
Hello,
Tuesday, February 15, 2011, 7:47:02 PM, you wrote:
> Not to mention the security concerns. We ship a configuration default
> that we think makes sense, and it turns out that it opens a security
> hole on my particular installation.
That's a very good point. Imagine that I'm an admin and I have a backend
configured with my secret username and password. Suddenly, Horde
developers change the 'hostname' key of the config array to 'host'.
Boom, your installation ends up logging into a completely different
server. Even if it points to 'example.com' I don't want the password
transmitted through the internet.
Maybe some kind of configuration file versioning/prioritizing could
help here?
--
Best regards,
Vilius
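
The failure mode described in this message, as an added example that is not part of the original post and is not Horde's own code: a shipped default renames 'hostname' to 'host', and a plain merge pairs the admin's credentials with the default server. The function names, the array layout and all values are hypothetical and constructed for illustration.

```php
<?php
// Shipped defaults after the rename: the key is now 'host' (constructed values).
$defaults = [
    'host'     => 'example.com',
    'port'     => 143,
    'username' => '',
    'password' => '',
];

// Admin's local override, still written against the old key 'hostname'.
$local = [
    'hostname' => 'imap.internal.example',
    'username' => 'svc-mail',
    'password' => 'not-a-real-secret',
];

// Naive merge: 'hostname' is carried along unused and 'host' keeps the default,
// so the local credentials end up paired with the default server.
function naiveMerge(array $defaults, array $local): array
{
    return array_merge($defaults, $local);
}

// Strict merge: reject local keys the defaults do not define, and reject
// locally set credentials when the host was not also set locally.
function strictMerge(array $defaults, array $local): array
{
    $unknown = array_diff_key($local, $defaults);
    if ($unknown) {
        throw new InvalidArgumentException(
            'Unknown backend keys: ' . implode(', ', array_keys($unknown))
        );
    }
    if (!empty($local['password']) && !array_key_exists('host', $local)) {
        throw new InvalidArgumentException('Credentials set but host is a shipped default');
    }
    return array_merge($defaults, $local);
}

$merged = naiveMerge($defaults, $local);
echo "naive merge connects to: {$merged['host']}\n";

try {
    strictMerge($defaults, $local);
} catch (InvalidArgumentException $e) {
    echo "strict merge rejected config: {$e->getMessage()}\n";
}
```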