On 11/28/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > On 11/28/05, Chris Buechler <[EMAIL PROTECTED]> wrote: > > This part of the architecture has changed slightly from m0n0wall I > > believe, so if I go astray here, somebody kick me back into shape. ;) > > *kick* > > > Basically, you can't get to PHP without first being authenticated. At > > this point, if you're authenticated, you have root access to the box. > > These days, the auth is completely handled in PHP. So it's certainly > possible.
Yes, the moral of the story is to lock down the WebGUI to only trusted IP's.
