Re: [Postfixadmin-devel] config.local.php not being read.
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
Re: [Postfixadmin-devel] config.local.php not being read.
|
From: David G. <da...@co...> - 2009-04-22 06:12:11
|
> I've just seen that you have removed the check if the setup_password > is "changeme" - but you have kept the check if it is set at all. > > I'd vote to remove this check also (because it will cause problems [aka > lock postfixadmin] on upgrade if the old config.inc.php is still used) > and adds no security. > > Any objections? No objections. > > > > I also think that we no longer need to use the "developer hack" > > > $CONF['configured'] = > > > 'I_know_the_risk_of_not_deleting_setup.php' and should remove the > > > code sections checking for it (index.php, login.php). > > (still ToDo) Thought this had been dropped.. .ho hum. > > > I'll try and review the code shortly; I did wonder if the > > setup_password would be better off stored in the database, and we > > just supply a trivial 'passwd' type script which (when run) allows > > 'root' to set/change it? > I had a look at it - and could see no obvious problems. > > Entering the wanted password in setup.php and copying the config sniplet > to config.inc.php is easy enough IMHO ;-) > Yes. It would be nice if it was more user friendly - e.g. one form to generate the setup password, another to do the admin bit. > > BTW: Any news on the "alias magic and domain admins" bug? > http://sourceforge.net/tracker/?func=detail&aid=2745147&group_id=191583&atid=937964 > (That's the only release blocker I'm currently aware of...) I know how to solve it; I just haven't yet. David. -- David Goodwin [ david at codepoets dot co dot uk ] [ http://www.codepoets.co.uk ] |
