- 15th April 2007 at 5:07 am #1288atmurrayParticipant
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?15th April 2007 at 8:17 pm #10100rpeddeParticipant
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
Things I don’t want to do:
1. Ship with default password
2. Required editing the configuration to set admin password
So I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.
I get your objection, though, particularly in a multi-user environment. How about this:
When no password is set, disallow access remotely, and allow access from localhost without a password.
When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)
This is in the tracker as feature request #225.15th April 2007 at 11:59 pm #1010116th April 2007 at 12:07 am #10102atmurrayParticipant
Ah yes, I very much understand your reluctance with shipping with a default password. I think your fix is ideal, in fact it increases security as it forces users to set a non blank/default password before it is remotely accessible. The number of modems/routers with default passwords is scary!
Good work, cheers!
- The forum ‘Feature Requests’ is closed to new topics and replies.