19 Apr 2000, 11:53 a.m.
At 7:34 AM -0400 4/19/2000, srl wrote:
> Now, the fact that we can add /manage to any URL to edit the data seems like a potential security hole. All it would take to crack a Zope password would be running a password guesser with user 'superuser'. Or am I missing something here?
To some degree, yes. But no more than leaving the telnet or FTP port open on a machine. If someone knows the username and password, they will get in. Since the superuser password is randomly generated (and it is a pretty tough one) on each install, as long as you don't change it to something wickedly stupid it should be fine. J