LJ Rand wrote:
Thanks, all those suggestions help and have been
observed.
But I still worry about some remote attacker tricking
the firewall into somehow sending or exposing the
contents of the config.xml file. It kind of feels
like having an /etc/passwd or /etc/shadow file where
the password fields are plain text.
we've had numerous LONG threads about this in the past.
The FAQ spells out why this is how it is.
http://faq.pfsense.org/index.php?action=artikel&cat=1&id=37&artlang=en
any why it has to stay that way.
the admin password isn't in the clear, but it's one of the few that can
be truly hashed and not just obfuscated, so your /etc/passwd comparison
is off base.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
