[horde] Two questions: menu.php and test.php

Chuck Hagenbuch chuck at horde.org
Tue Jul 15 08:19:59 PDT 2003


Quoting "Kevin M. Myer" <kevin_myer at iu13.org>:

> So my question is this:  is there an easy way to make the menu disappear
> before a user is authenticated or do I have something misconfigured?

The only easy way is to use HEAD, where things are done this way.

> Second issue relates to the various test.php files that are included with the
> various components.  While there are strong warnings in the documentation to
> remove or otherwise disable access to these files after you're done using
> them, I'd much prefer to see a "secure-by-default" approach taken, where
> access is denied, either via an .htaccess file or via a check to see if a user
> is authenticated.  While this arguably makes it more difficult to
> troubleshoot initial install problems (i.e. if you're having trouble logging
> in), it prevents a load of information from being available, by default, to
> unscrupulous individuals who might prey on those who forget to disable the
> files.  It's really an issue of administration - don't put test systems on the
> Internet until they're hardened - but we all know that it happens anyway and
> if something can be done to make things a little more secure, I think that
> would be great.

Any workable suggestions for how to do this would be welcome. Authentication
isn't one of them, I don't think...

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
The alligators were there, too, in a bathtub inside the house.
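
An added example, not part of the original message and not Horde code: one way an administrator could audit an install for test.php files that no .htaccess rule covers, along the lines of the .htaccess option raised in the quoted text. The function names are hypothetical, and the check is a heuristic that assumes Apache honours .htaccess (AllowOverride) and that the rule is a <Files> or <FilesMatch> section naming test.php.

```python
import os
import re

# A <Files>/<FilesMatch> section whose argument names test.php (assumed rule shape).
FILES_BLOCK = re.compile(
    r"<Files(?:Match)?\s+[^>]*test\\?\.php[^>]*>(.*?)</Files(?:Match)?>",
    re.IGNORECASE | re.DOTALL,
)
# Apache 2.2 "Deny from all" or 2.4 "Require all denied"; commented-out lines do not match.
DENY_RULE = re.compile(
    r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def htaccess_denies_test_php(htaccess_path):
    """True if this .htaccess has a Files section for test.php that denies everyone."""
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return False  # missing or unreadable file gives no protection
    return any(DENY_RULE.search(m.group(1)) for m in FILES_BLOCK.finditer(text))


def find_unprotected_test_scripts(webroot):
    """Return test.php paths (relative to webroot) with no covering deny rule.

    A rule in any directory from the script's own directory up to webroot counts,
    because Apache merges .htaccess files along that path.
    """
    webroot = os.path.abspath(webroot)
    exposed = []
    for dirpath, _dirs, files in os.walk(webroot):
        if "test.php" not in files:
            continue
        current, covered = dirpath, False
        while True:
            if htaccess_denies_test_php(os.path.join(current, ".htaccess")):
                covered = True
                break
            if current == webroot:
                break
            current = os.path.dirname(current)
        if not covered:
            exposed.append(os.path.relpath(os.path.join(dirpath, "test.php"), webroot))
    return sorted(exposed)
```

An empty result only means a matching deny rule was found on disk; whether the server actually applies it still has to be confirmed by requesting the file.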


