[ic] [interchange] * Interchange has long been distributing the dump page. This is
Stefan Hornburg (Racke)
racke at linuxia.de
Tue Mar 25 08:15:00 UTC 2014
On 03/25/2014 01:23 AM, Jon Jensen wrote:
> Mike,
>
> I agree that it's probably unwise to leave the dump page there in default installations.
>
> However, requiring the SQL database password by default seems like an unwise enticement for people to send an important piece of information over the wire -- and you know many will do it over http, not https. So to me this feels like it will actually make security worse.
>
> Why don't we just remove the dump.html page entirely? We can leave a copy in the eg/ directory and suggest people name it something obscure and hardcode their own trivial password in it. But not having it in default installs at all seems like a good move.
>
> What does everyone else think?
>
Let's get rid of it. The same information can be found in the admin, right?
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
More information about the interchange-users
mailing list