FireFly Media Server (formerly mt-daapd) › Firefly Media Server Forums › Firefly Media Server › Feature Requests › Connections from localhost bypass admin auth › Reply To: Connections from localhost bypass admin auth
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
Things I don’t want to do:
1. Ship with default password
2. Required editing the configuration to set admin password
So I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.
I get your objection, though, particularly in a multi-user environment. How about this:
When no password is set, disallow access remotely, and allow access from localhost without a password.
When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)
This is in the tracker as feature request #225.