On 28.12.10 15:27, Emmanuel Lecharny wrote:
On 12/28/10 2:29 PM, Bernd Fondermann wrote:
Hi,
I think it's bad to release a server with default passwords exposed at
default installation.
That's why I changed the default startup classes (Spring-based and
plain-standalone) to generate random passwords when the account is
first created. If the account is persisted, no new password is
generated on server restarts.
With changing passwords through service administration at our
fingertips, I think we now live in a better (and more secure) world.
IMHO, the problem is not where you think it is. Creating random password
does not make it more secure, it makes it more complicated to users.
If an admin is stupid enough to use the server with a default password,
then too bad for him. If he is *that* stupid, he will change the random
password to something easier to remember anyways.
We have had many discussion about this default password problem on ADS,
and at the end, we decided that using 'secret' is just plain ok,
compared to any other solution which would have been more complicated to
setup.
Now, it's up to you :)
Yeah, I understand the caveats of this approach. It's largely about that
I feel better now :-)
However, if the user uses a weak password that's his own fault, not mine
- and at least an order of magnitude more secure than a hard-coded
factory password.
I think it's ok to make the user's lives a little bit easier - or
harder, because now they have to figure out the random password. ;-)
And they /still/ need to change the domain name from vysper.org to their
own domain to get the server up and running.
Also, IM infrastructure is known to be used heavily in bot nets (while
LDAP does not pop up that often in this regard) - and I certainly don't
want to proliferate that kind of usage.
Bernd
