Greg Erskine wrote:
> This option will be available in pCP6.0.0 when we release it. Best to
> wait.

I just wanted to say thanks to the pCP crew for adding the Security page to the Beta web UI for 6.0! I do hope you'll promote that to the mainstream admin UI, although I suggest you consider a few tweaks:

1) add a Password Confirmation input on the httpd settings page

2) add a note that the pCP settings will be saved as soon as the change is applied (I expected that they would NOT be, that I would be able to verify that I could still access the httpd and sshd after setting passwords and just power cycle the Pi if I goofed somehow)

3) incorporate CSRF protection into the web UI, at least Referer checks. It seems too easy to use CSRF with mere GET requests to effect significant changes on the pCP. Even those w/ authentication required for the web UI are vulnerable to CSRF attacks.

Thanks!

owner of the stuff at https://tuxreborn.netlify.app/ (which used to reside at www.tux.org/~peterw/)
Note: The best way to reach me is email or PM, as I don't spend much time on the forums.
*Free plugins:* AllQuiet Auto Dim/AutoDisplay BlankSaver ContextMenu DenonSerial FuzzyTime KidsPlay KitchenTimer PlayLog PowerCenter/BottleRocket SaverSwitcher SettingsManager SleepFade StatusFirst SyncOptions VolumeLock
------------------------------------------------------------------------
peterw's Profile: http://forums.slimdevices.com/member.php?userid=2107
View this thread: http://forums.slimdevices.com/showthread.php?t=109401
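
The Referer check suggested in item 3 above, sketched as an added example that is not part of the original post and is not pCP code. It assumes the settings pages are shell CGI scripts that see the request headers as the standard CGI variables `HTTP_HOST` and `HTTP_REFERER`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not pCP code. Assumes a CGI environment that exposes the
# request headers as HTTP_HOST and HTTP_REFERER (standard CGI naming).

# referer_host URL -> prints the lowercased host[:port] of an http(s) URL.
referer_host() {
    case "$1" in
        http://*)  rest=${1#http://} ;;
        https://*) rest=${1#https://} ;;
        *) return 1 ;;                 # no Referer, or not an http(s) URL
    esac
    authority=${rest%%[/?#]*}          # cut at the first /, ? or #
    case "$authority" in
        ''|*@*) return 1 ;;            # reject empty and user@host forms
    esac
    printf '%s\n' "$authority" | tr 'A-Z' 'a-z'
}

# same_origin_referer -> 0 only if Referer names the host we were called as.
same_origin_referer() {
    [ -n "${HTTP_HOST:-}" ] || return 1
    [ -n "${HTTP_REFERER:-}" ] || return 1    # missing Referer: fail closed
    ref=$(referer_host "$HTTP_REFERER") || return 1
    host=$(printf '%s\n' "$HTTP_HOST" | tr 'A-Z' 'a-z')
    [ "$ref" = "$host" ]               # exact match, never prefix or substring
}

# Call at the top of any CGI script that changes settings; stop on failure.
require_same_origin() {
    same_origin_referer && return 0
    printf 'Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n'
    printf 'Cross-site request refused\n'
    return 1
}
```

A settings script would run `require_same_origin || exit 0` before acting on any parameter, whether the request arrived as GET or POST.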
