[ejabberd] Re: webadmin mask password patch

Andreas van Cranenburgh andreas at unstable.nl
Wed Nov 10 17:44:59 MSK 2004


On Wed, Nov 10, 2004 at 12:48:36PM +0100, Magnus Henoch wrote:
> Andreas van Cranenburgh <andreas at unstable.nl> writes:
> 
> > Could anyone else comment on this please? Does anyone else have
> > objections?
> 
> I think the password shouldn't be sent at all unless the connection is
> encrypted.  I'm not sure how to do that, though...

Agreed, but that's a bit besides the point.

You could do this by enabling SSL for webadmin in the config, but I
personally have the webadmin port blocked on my firewall altogether
so I don't worry about it.

	Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20041110/9c2e611c/attachment.bin


More information about the ejabberd mailing list