Comments (5)
I agree that we should add HSTS support to Apache. Done.
I'm a bit hesitant to upload the Apache config file to GitHub as it would be more information given to attackers (exactly where files are, what's enabled and what isn't, etc.). I'm not a fan of security through obscurity, but placing the Apache config under version control seems to have more downsides than upsides. I can't think of a very compelling reason to do so at the moment.
from w3id.org.
I agree - we should not expose that file. Now if there is a decent way to
expose a file that is included.... I would be open to that. Not the basic
settings but the extensions.
On Wed, May 22, 2013 at 12:33 PM, Manu Sporny wrote:
I agree that we should add HSTS support to Apache. Done.
I'm a bit hesitant to upload the Apache config file to GitHub as it would
be more information given to attackers (exactly where files are, what's
enabled and what isn't, etc.). I'm not a fan of security through obscurity,
but placing the Apache config under version control seems to have more
downsides than upsides. I can't think of a very compelling reason to do so
at the moment.
Shane P. McCarron
Managing Director, Applied Testing and Technology, Inc.
I don't think that there is a huge difference between publishing configuration files on the one hand and source code of executables running on a server on the other hand. In both cases potential security issues become more visible.
I agree with Manu - I would not expose all of the configuration.
I appreciate the problem, but there /are/ known attack vectors when file paths are known. There is no compelling reason to risk it as far as I can see.