Hi Mario, Thanks for your hint! Yes the above was a demo to instruct users how to setup a wbdav server. Yes, one should warn users about the credentials used here!
Thank you On Thursday, April 8, 2021 at 5:02:38 PM UTC+4:30 PMario wrote: > Hi Folks, > Hi Mohammad, > > PLEASE DON'T use username: admin and password: admin in your examples > without big red letters: Encrypt your passwords or you are f*&%$! > > There are users out there, which copy/paste configuration examples and > think they work. ... But they DON'T!. > > Mohammand. You used address: 127.0.0.1 which is localhost. ... That's good! > > The OP used address: 0.0.0.0, which is dangerous in production. It listens > on every IP address the server can find. It's similar to "My house is wide > open, take what you can!" > > The orginal configuration examples contains several parameters that can > increase security. ALL of them should be understood and configured! > eg: CORS settings should be disabled for local installation. CORS is only > needed if the server faces the internet or is used in multi-user LAN. It > should only be enabled, if you know, what you do!! > > see: https://github.com/hacdias/webdav/#usage > > Just my thoughts! > > have fun! > mario > PS: admin is probably one of the most tested usernames by hackers. and 123456 > the password which opens the gates. > > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/778dc1ca-2cf3-4978-af1c-38f34dd87881n%40googlegroups.com.
