[Seaside-dev] Re: Initialize /seaside/config with random password?
Lukas Renggli
renggli at gmail.com
Mon Sep 22 07:30:13 UTC 2008
> > What I wanted to add is that in the permission denied message we could
> > even tell the user what he has to do.
>
> We could also force the user to pick a password when first logging
> into the web interface. This isn't quite as secure because if they
> never used the admin interface but left it running in production
> somebody else could set a password and get in... but it's more
> convenient. Depends what balance we want to strike... I think most
> people either (a) use the web interface or (b) know what they're
> doing.
A password for the config app doesn't help anything, if there is a
single application that has the toolbar activated. So why even bother?
For productive use, people hopefully won't load the development tools anyway.
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch
More information about the seaside-dev
mailing list