[ejabberd] Re: webadmin mask password patch
Andreas van Cranenburgh
andreas at unstable.nl
Wed Nov 10 17:44:59 MSK 2004
On Wed, Nov 10, 2004 at 12:48:36PM +0100, Magnus Henoch wrote:
> Andreas van Cranenburgh <andreas at unstable.nl> writes:
> > Could anyone else comment on this please? Does anyone else have
> > objections?
> I think the password shouldn't be sent at all unless the connection is
> encrypted. I'm not sure how to do that, though...
Agreed, but that's a bit besides the point.
You could do this by enabling SSL for webadmin in the config, but I
personally have the webadmin port blocked on my firewall altogether
so I don't worry about it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20041110/9c2e611c/attachment.bin
More information about the ejabberd