On Mon, Nov 3, 2008 at 5:40 PM, Evgeni Golov <[EMAIL PROTECTED]> wrote:
> while working on a fix for opendb's RC/Security bug #504173, I noticed
> that opendb creates a default admin user "test" with "test" as password.
> This is IMHO a security hole, but I would like to hear your opinion -
> is this okay or not?

Sounds like a security issue to me, severity would depend on what admins can do and apache configuration though. IMO the sysadmin should be responsible for setting the initial password, or it might be reasonable to generate a random password.

--
bye,
pabs

http://wiki.debian.org/PaulWise