This is much worse than a PC with auto login. With auto login you have to be physically present to access the PC. A lot of people will be using pi as web servers. I am just saying we should not being using default/public passwords for remote access.rurwin wrote:It's still only as insecure as a Windows PC with auto-login.
It's those kind of hopes that allow the proliferation of so many insecure "professionally hosted" web servers out there. I hear what you are saying, but in reality I believe we should teach best practice as early as we can ...rurwin wrote:One hopes that anyone with enough knowledge to set up a web server and drill a hole in the firewall for it, also has enough knowledge to change the password.
I think the installer http://www.raspberrypi.org/phpBB3/viewt ... =66&t=6532 is (or will be) the thing to use if you want that sort of set-up. It is based on the standard debian installer and does exactly what you describe above as one of its steps.louisb wrote: ... Perhaps this can be fixed by a first time start-up script that asks the users for a user name and creates a new user when Raspbian is powered up for the first time.
What do you all think about this? ...
To me, this sounds a sensible idea.louisb wrote:If you read my original post carefully you will see that I am suggesting giving the users the option of having no password. Only when remote access is enabled is that a custom password should be set before remote access is enabled.
Users browsing this forum: No registered users and 34 guests