Arne Kepp wrote:
> I like the idea, and I think FTP is probably the way to go given 
> Microsoft's propensity to break WebDAV.
> 
> But by default GeoServer ships with a small security problem in the 
> sense that the admin password is universally known. I prefer Tomcat's 
> approach in which no account is enabled by default, but this has not been a 
> big issue up to this point.
> 
> But if we include an FTP server then GeoServer suddenly becomes a 
> valuable target for people who want to distribute illegal materials.
> 
> I therefore suggest that it should not be possible to log in with the 
> standard credentials, and if possible tell the FTP client the reason for 
> the rejection in the Access Denied response.

Sigh, unfortunately it does not seem possible to control the access
denied response.
This might be a source of some confusion as people are not notified
of why the thing is failing.

We can still address this by documentation, or just allow logins
but prominently report the issue in the logs...

Suggestions?

Cheers
Andrea


-- 
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.


_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
