mwthrane: please, do not do that :) The account/password feature in the web UI is good enough to keep your 10 year old kids away from pr0n, but will not stand a serious attack; further, we do not guarantee that we can not be crashed or exploited using bad URL requests, so as stated in the documentation - do not open the MT port/run MT on the external interface.
Hello,
I enabled the accounts in config.xml, as the following:
<ui enabled="yes">
<accounts enabled="yes" session-timeout="30"/>
<account user="nil" password="nil"/>
</ui>
But when I access the web page, and fill in the user and password fields with "nil" and "nil", it popped a dialog said "Invalid username or password".
Is there anything wrong with my configuration? or....? What's wrong?
Any help will be greatly appreciated!
And I changed the configuration as:
<ui enabled="yes">
<accounts enabled="yes" session-timeout="30">
<account user="nil" password="nil"/>
</accounts>
</ui>
The problem still exists.
The version is 0.10.0
Really the distributed config file should explode
the accounts xml tag and not leave it compact. Not
everyone knows XML.
And plopping a commented-out account tag in there
would help people get it right the first time.
Hi,
I will have to take a look, can't say anything right now. I'll get back to you later today.
Kind regards,
Jin
Got the exact same problem.
And its really a problem cause ppl can then access my server from outside my network. (i think :o)
mwthrane: please, do not do that :) The account/password feature in the web UI is good enough to keep your 10 year old kids away from pr0n, but will not stand a serious attack; further, we do not guarantee that we can not be crashed or exploited using bad URL requests, so as stated in the documentation - do not open the MT port/run MT on the external interface.
Now, about accounts:
<ui enabled="yes">
<accounts enabled="yes" session-timeout="30">
<account user="jin" password="test"/>
</accounts>
</ui>
This works for me with the latest SVN version, could you please retest that in the latest code?
Set up firewall to block connections form wan :)
It works!
I had it done like this:
<ui enabled="yes">
<accounts enabled="yes" session-timeout="30"/>
<account user="jin" password="test"/>
</ui>
Thank you :)
We indeed plan to add more commented out sections to make it easier to edit stuff without having to refer to the documentation each time.
We also want to provide a configuration possibility via the UI, but that's still something for the future.