Opened 16 years ago

Closed 15 years ago

#140 closed defect (wontfix)

command line to register admin

Reported by: dmorton Owned by: rjl
Priority: normal Milestone: 1.0.0 RC6
Component: General Version: 1.0.0 RC5
Severity: normal Keywords:


From Jeff Squyres:

 - Another note for the security paranoid: it would be good if there were 
 a command line way to register the super administrator so that this user 
 is setup *before* the Maia web site goes live.  Consider: if Maia 
 becomes the world-standard for spam/virus protection, it's only a matter 
 of time before Maia installations are identified by script kiddies and 
 they just throw the url "/mail/login.php?register=super" at it to see if 
 they can be the first user, and therefore 0wn your Maia (and don't 
 forget that spammers are closely associated with hackers these days -- 
 if a spammer can 0wn your Maia and only allow *his* spam to get through, 
 that's good for business!).

Change History (1)

comment:1 Changed 15 years ago by dmorton

  • Resolution set to wontfix
  • Status changed from new to closed

Upon more reflection, this ticket will be a non issue once we have a more comprehensive install script, and admin layer. Furthermore, good standard practice when installing this should be to keep any new systems behind a firewall until it is ready to be brought online. Right now, I think the risk is too minimal to worry about.

Note: See TracTickets for help on using tickets.