On 9/7/06, Vlad Seryakov <[EMAIL PROTECTED]> wrote:
- if nscp loaded without settings, it will listen on 127.0.0.1 port 2080 and will accept connections with empty username and password. I think this is reasonable for development server.
This is insecure as a default and we have to change it. The nscp module should *not* be loaded by default, and we shouldn't be hard coding default user names and passwords. We espescially shouldn't be doing both at the same time. It's no trouble at all to remove a single '#' to enable a module. This also applies to the nsstats functionality -- off by default please.
