Security of MT

miroxy · Wed Jan 11, 2006 9:38 pm

Can you implement in some of next versions su, like linux box when you login like normal user but if you need something to change you have to su.

changeip · Thu Jan 12, 2006 1:28 am

There is already security... if you log in as unprivilege user you cannot change but can read, etc... you can't su but you can just relogin in.

Sam

miroxy · Fri Jan 13, 2006 12:42 am

I agree, but main purpose of su is to prevent bruteforce attack on box.

changeip · Fri Jan 13, 2006 12:58 am

You must mean brute force the admin/root password right? That makes sense. I noticed on the mt demo box they disable the admin and just use alternate logins that are admins ... sounds like its an option for you maybe.

Sam

miroxy · Fri Jan 13, 2006 1:17 am

What to do if they accidentally sniff your pass, get into MT and change your pass or even disable your login?
Is there any way to get back admin pass from user.dat and user.idx files?

changeip · Fri Jan 13, 2006 4:12 am

What to do if they accidentally sniff your pass, get into MT and change your pass or even disable your login?
Is there any way to get back admin pass from user.dat and user.idx files?

This is the risk everyone has to deal with ... however you can minimize it by only using SSH and/or coming thru a tunnel to get access to the console. Disallowing router access from the outside is always a good idea.

cieplik206 · Sat Dec 06, 2008 6:54 pm

Is there any way to get back admin pass from user.dat and user.idx files?

Of course there is. and if you have everything you need it takes couple of minutes to take that password.

I've tested it

Security of MT

Security of MT

Re:

Who is online