Re: [virgo-dev] Should we change the default access to the admin console?

I'm a Virgo outsider and don't have any stake in this, but I think having default passwords adds unnecessary security risk. It is an open source project and everyone can see the default password, and it's just ammunition for script kids scanning for exploits. In Orion we disable admin account by default and someone has to explicitly define a password in server configuration before the admin account is activated. This really doesn't add a lot of difficulty for a server admin and closes an obvious potential security hole. Just my $0.05.

John




From:        Glyn Normington <gnormington@xxxxxxxxxxxxx>
To:        Virgo Project <virgo-dev@xxxxxxxxxxx>,
Date:        02/14/2014 06:37 AM
Subject:        Re: [virgo-dev] Should we change the default access to the admin console?
Sent by:        virgo-dev-bounces@xxxxxxxxxxx




Virgo has never had any complaints about its current default password, so admin/admin seems fine to me.

On 14/02/2014 11:25, Florian Waibel wrote:
A request to use an easy-to-remember password for the admin console kicked off some kitchen talk over here.

There are two opposite opinions: Ease of use for Devs vs. safety-net for Ops.

a) Apache Karaf Way: Change the credentials to admin/admin - instantly ready for rumble in development.
b) Apache Tomcat Way: Disable console by default with a hint where to configure the access.

Any opinions?




_______________________________________________
virgo-dev mailing list
virgo-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/virgo-dev
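
Option (b) and the Orion behaviour John describes, as an added example that is not part of the original thread and is not Virgo or Orion code: the admin account stays disabled until a password is explicitly set in the server configuration. The property keys and the list of well-known values are hypothetical, and rejecting publicly known values goes one step beyond what the thread describes.

```java
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

/** Added example: fail-closed activation of an admin account (all names hypothetical). */
public class AdminAccountPolicy {

    // Hypothetical configuration keys, not Virgo's or Orion's real ones.
    static final String USER_KEY = "admin.user";
    static final String PASSWORD_KEY = "admin.password";

    // Constructed list of values that commonly ship in public docs or source trees.
    static final Set<String> WELL_KNOWN = Set.of("admin", "password", "changeit", "secret");

    record Decision(boolean enabled, String reason) {}

    static Decision evaluate(Properties config) {
        String user = config.getProperty(USER_KEY, "admin").trim();
        String password = config.getProperty(PASSWORD_KEY);
        // No password configured: the account does not exist as far as login is concerned.
        if (password == null || password.isBlank()) {
            return new Decision(false, "admin console disabled: set " + PASSWORD_KEY
                    + " in the server configuration to activate it");
        }
        // A value anyone can read in the source tree is treated like no value at all.
        String normalized = password.trim().toLowerCase(Locale.ROOT);
        if (WELL_KNOWN.contains(normalized) || normalized.equals(user.toLowerCase(Locale.ROOT))) {
            return new Decision(false, "admin console disabled: " + PASSWORD_KEY
                    + " is a publicly known default, choose another value");
        }
        return new Decision(true, "admin console enabled for user '" + user + "'");
    }

    public static void main(String[] args) {
        Properties shipped = new Properties();       // what a distribution would ship: no password
        Properties defaulted = new Properties();
        defaulted.setProperty(PASSWORD_KEY, "admin"); // admin/admin, option (a) in the thread
        Properties configured = new Properties();
        configured.setProperty(PASSWORD_KEY, "constructed-Sample-Value-42"); // constructed sample

        for (Properties p : new Properties[] {shipped, defaulted, configured}) {
            Decision d = evaluate(p);
            System.out.println((d.enabled() ? "ENABLED  " : "DISABLED ") + d.reason());
        }
    }
}
```

The disabled cases return the hint about where to configure access, which is the "hint" part of option (b); a production server would also store a password hash rather than the plaintext value used here for brevity.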
