On Oct 16, 2007, at 6:00 PM, Mark Logan wrote: > I don't think it affects secure-by-default because it will only accept > connections from the local machine.
That's reassuring, but it still doesn't make it secure. Access by a local user is still possible, be they a curious but valid user, or a unknown person who has access a compromised account. LMS will still require reliable AAA in that regard. /dale
