Justin Funke wrote:
> This would still open up the servers to brute force attacks from the
> Internet.
Agreed, but no more so than having SSH enabled, or webmail, or
POP/IMAP.
> If it is going to be able to be "enabled" on the public side as a
> feature, I would hope for it to be shipped as "disabled" by default.
Of course, and it'd probably be better to be able to set the password
page and the admin page separately, rather than both together. Having
just the password page be viewable wouldn't be nearly as vulnerable as
the admin page.
--
Dan Brown, KE6MKS, [EMAIL PROTECTED]
"Meddle not in the affairs of dragons, for you are crunchy
and taste good with ketchup."
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
