You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
password protection seems sensible. We could use PAM with mod_authnz_external to require the admin user? Quite possibly a dodgy idea, security wise. Could generate an htpasswd file specifically for the stats and dump the password out in /srv or something.
Originally posted by @telyn on 2017-03-13T11:03:37.946Z
ooh, or - disabled by default, add a 'config/stats' file containing user:pass entries and get symbiosis-httpd-configure to generate an htpasswd and enable it.
Originally posted by @telyn on 2017-03-14T10:12:27.861Z
If the stats are enabled, they should probably only work over SSL and not plain text /non secure connections. With the ease of enabling secure connections now this shouldn't be a problem.
I strongly believe Stats should be disabled OR the stats http page be password protected by default.
The text was updated successfully, but these errors were encountered: