[BlueOnyx:00165] Re: Third party software
Michael Stauber
mstauber at blueonyx.it
Tue Jan 13 16:21:38 -05 2009
Hi Ken,
> It would be nice to have the installers available on the BlueOnyx.
Exactly.
> I currently have it turned off on my servers. The problem with the
> existing versions is that they install everything with a default password
> of something like "password". That is a problem for me since some
> customers installed them (in the default directory) to see what they look
> like, and they leave the default password. It's a pain when hackers find
> these unprotected applications like PHPList and use them to send spam.
Yeah, I can imagine. Last night I spent some time familliarizing myself with
the code and also spotted that default password setting and have some ideas
how to address that.
> So, my suggestions for the installer are:
> 1. That it would set a good password
> 2. That it would add limiters like openbasedir for the specific directory
> it is installing in.
BlueOnyx already sets openbasedir directories for each site and extending them
automatically based on what a specific web application may need will be
fairly easy. So yeah, that will be done.
Just can't say how soon.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list