vicidial.org

VICIDIAL astGUIclient discussion forum
http://forum.eflo.net/VICIDIALforum/

Cron and Test and One can have ENTIRE SERVER ACCESS ?

http://forum.eflo.net/VICIDIALforum/viewtopic.php?f=7&t=20365

Page 1 of 1

Cron and Test and One can have ENTIRE SERVER ACCESS ?

PostPosted: Wed Aug 31, 2011 8:06 am
by gmcust3
If I know someone IP , I can login to any dialer using cron credential and can roam around in the server ?

I tried it and I Can !!

Gardo , cant we block it while installing GoautoDial 2.1 ELSE SECURITY is HIGHLY COMPROMISED ?

PostPosted: Wed Aug 31, 2011 1:20 pm
by williamconley
vicidial's new admin "1st login" will change default passwords ... but not the Cron yet. Would certainly be a good feature request. Just adding the cron pass to the mix would be good ... honesly, though, since cron is fully automated it almost makes more sense for "install.pl" to create a random pass for cron and install it. (no human ever needs to KNOW the cron pass, but it is visible in the system if you actually needed it for something ... just making it different on every machine would suffice)
All times are UTC - 5 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/