You are here: Home » Topic » Connections from localhost bypass admin auth

Connections from localhost bypass admin auth

This topic contains 3 replies, has 2 voices, and was last updated by  atmurray 10 years, 7 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #1288

    atmurray
    Participant

    If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?

    #10100

    rpedde
    Participant

    @atmurray wrote:

    If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?

    Things I don’t want to do:

    1. Ship with default password
    2. Required editing the configuration to set admin password

    So I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.

    I get your objection, though, particularly in a multi-user environment. How about this:

    When no password is set, disallow access remotely, and allow access from localhost without a password.

    When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)

    This is in the tracker as feature request #225.

    #10101

    rpedde
    Participant

    @rpedde wrote:

    This is in the tracker as feature request #225.

    Fixed in r1538

    – Ron

    #10102

    atmurray
    Participant

    Ah yes, I very much understand your reluctance with shipping with a default password. I think your fix is ideal, in fact it increases security as it forces users to set a non blank/default password before it is remotely accessible. The number of modems/routers with default passwords is scary!

    Good work, cheers!

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.