- This topic has 3 replies, 2 voices, and was last updated 17 years ago by
.
-
Posts
-
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
@atmurray wrote:
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
Things I don’t want to do:
1. Ship with default password
2. Required editing the configuration to set admin passwordSo I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.
I get your objection, though, particularly in a multi-user environment. How about this:
When no password is set, disallow access remotely, and allow access from localhost without a password.
When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)
This is in the tracker as feature request #225.
Ah yes, I very much understand your reluctance with shipping with a default password. I think your fix is ideal, in fact it increases security as it forces users to set a non blank/default password before it is remotely accessible. The number of modems/routers with default passwords is scary!
Good work, cheers!
- The forum ‘Feature Requests’ is closed to new topics and replies.