Re: [virgo-dev] Should we change the default access to the admin console

[John Arthorne <John_Arthorne@xxxxxxxxxx>]

I'm a Virgo outsider and don't have any
stake in this, but I think having default passwords adds unnecessary security
risk. It is an open source project and everyone can see the default password,
and it's just ammunition for script kids scanning for exploits. In Orion
we disable admin account by default and someone has to explicitly define
a password in server configuration before the admin account is activated.
This really doesn't add a lot of difficulty for a server admin and closes
an obvious potential security hole. Just my $0.05.

John




From:      
 Glyn Normington <gnormington@xxxxxxxxxxxxx>
To:      
 Virgo Project <virgo-dev@xxxxxxxxxxx>,

Date:      
 02/14/2014 06:37 AM
Subject:    
   Re: [virgo-dev]
Should we change the default access to the admin console?
Sent by:    
   virgo-dev-bounces@xxxxxxxxxxx

---

Virgo has never had any complaints about its current default
password, so admin/admin seems fine to me.

On 14/02/2014 11:25, Florian Waibel wrote:
A request to use an easy-to-remember passoword for
the admin console kicked of some kitchen talk over here.

There are two opposite opinions: Ease of use for Devs vs. safety-net for
Ops.

a) Apache Karaf Way: Change the credentials to admin/admin - instantly
ready for rumble in development.
b) Apache Tomcat Way: Disable console by default with a hint where to configure
the access.

Any opinions?




_______________________________________________
virgo-dev mailing list
virgo-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/virgo-dev

_______________________________________________
virgo-dev mailing list
virgo-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/virgo-dev