httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bannister <is...@jellybaby.net>
Subject Re: TRACE still enabled by default
Date Wed, 21 Mar 2012 12:48:53 GMT
On 21 Mar 2012, at 12:39, Reindl Harald wrote:

> 1 out of a million servers needs TRACE enabled
> 
> it was ALWAYS a good idea to disable ANYTHING by default what is not really needed and
this principle will stay

inetd normally ships with echo not running, but kernels usually ship with ICMP enabled. I
think TRACE is more like ICMP echo than tcp/7 echo.

If a distribution wants to ship a default configuration that disables TRACE, isn't that enough?
The issue is naïve / lazy server admins, and almost all of those will install httpd from
a distribution.

-- 
Tim Bannister – isoma@jellybaby.net


Mime
View raw message