FireFly Media Server › Firefly Media Server Forums › Firefly Media Server › Feature Requests › Connections from localhost bypass admin auth
- This topic has 3 replies, 2 voices, and was last updated 17 years, 5 months ago by atmurray.
-
AuthorPosts
-
15/04/2007 at 5:07 AM #1288atmurrayParticipant
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
15/04/2007 at 8:17 PM #10100rpeddeParticipant@atmurray wrote:
If you connect to the web interface from the machine that firefly is running on authentication is bypassed. Not sure if this is a desired feature, but if it is could there be an option to turn it off?
Things I don’t want to do:
1. Ship with default password
2. Required editing the configuration to set admin passwordSo I set it up to access from localhost without a password, that way you could set the password, then access it from anywhere with the password.
I get your objection, though, particularly in a multi-user environment. How about this:
When no password is set, disallow access remotely, and allow access from localhost without a password.
When a password *is* set, only allow access with the password (i.e. disable passwordless access from localhost)
This is in the tracker as feature request #225.
15/04/2007 at 11:59 PM #10101rpeddeParticipant16/04/2007 at 12:07 AM #10102atmurrayParticipantAh yes, I very much understand your reluctance with shipping with a default password. I think your fix is ideal, in fact it increases security as it forces users to set a non blank/default password before it is remotely accessible. The number of modems/routers with default passwords is scary!
Good work, cheers!
-
AuthorPosts
- The forum ‘Feature Requests’ is closed to new topics and replies.