[Seaside-dev] Re: Initialize /seaside/config with random password?
Philippe Marschall
philippe.marschall at gmail.com
Mon Sep 22 04:45:54 UTC 2008
2008/9/22 Philippe Marschall <philippe.marschall at gmail.com>:
> Hi
>
> I wanted to open this for discussion:
>
> Right now the configuration application has no password. One of the
> reasons for this is that we want the code to load without user
> interaction. This troubles we because even today there are publicly
> accessible Seaside applications online that have default username and
> password.
>
> A possible solution for this would be to set the password to a random
> one during loading. Then the user would have to use WAAdmin to set the
> password to something he knows. AFAIK several other web frameworks use
> this approach.
What I wanted to add is that in the permission denied message we could
even tell the user what he has to do.
Cheers
Philippe
More information about the seaside-dev
mailing list