Reply To: Connections from localhost bypass admin auth

#10100
rpedde
Participant

@atmurray wrote:

If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?

Things I don’t want to do:

1. Ship with default password
2. Required editing the configuration to set admin password

So I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.

I get your objection, though, particularly in a multi-user environment. How about this:

When no password is set, disallow access remotely, and allow access from localhost without a password.

When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)

This is in the tracker as feature request #225.