[Commotion-admin] [luci-commotion] Administration panel not accessible on neighbor nodes when meshed via Ethernet (#406)
Dan Staples
notifications at github.com
Mon Aug 11 15:59:14 EDT 2014
We originally closed HTTPS to WAN zone for security reasons, and just left SSH available. Neither HTTPS or SSH has brute-force prevention, but the authentication of the HTTPS portal could be bypassed by stealing an auth token from an admin user (through a cross-site scripting or cross-site request forgery attack). But I agree that on more complicated network architectures, blocking HTTPS on WAN is a real pain in the butt for administration.
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion/issues/406#issuecomment-51832190
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20140811/5b15014f/attachment.html>
More information about the Commotion-admin
mailing list