Subject: Re: localhost security hole
To: David Porowski <>
From: Andrew Brown <>
List: tech-security
Date: 06/29/2003 02:01:04
>> >5)  always use localhost.domain localhost
>> actually, i'd recommend " localhost localhost.domain" so that
>> you can look up localhost.domain (using gethostbyname()), but the
>> canonical name for it will be returned as localhost.
>Interesting.  I guess I have always preferred the FQDN
>as canonical, but that could be useful.

i think that doing as much as possible to keep mapping to
localhost, and localhost to is a good thing.  by putting the
localhost.fqdn first, things become more complicated.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."