Page 1 of 1
Security of MT
Posted: Wed Jan 11, 2006 9:38 pm
by miroxy
Can you implement in some of next versions su, like linux box when you login like normal user but if you need something to change you have to su.
Posted: Thu Jan 12, 2006 1:28 am
by changeip
There is already security... if you log in as unprivilege user you cannot change but can read, etc... you can't su but you can just relogin in.
Sam
Posted: Fri Jan 13, 2006 12:42 am
by miroxy
I agree, but main purpose of su is to prevent bruteforce attack on box.
Posted: Fri Jan 13, 2006 12:58 am
by changeip
You must mean brute force the admin/root password right? That makes sense. I noticed on the mt demo box they disable the admin and just use alternate logins that are admins ... sounds like its an option for you maybe.
Sam
Posted: Fri Jan 13, 2006 1:17 am
by miroxy
What to do if they accidentally sniff your pass, get into MT and change your pass or even disable your login?
Is there any way to get back admin pass from user.dat and user.idx files?
Posted: Fri Jan 13, 2006 4:12 am
by changeip
What to do if they accidentally sniff your pass, get into MT and change your pass or even disable your login?
Is there any way to get back admin pass from user.dat and user.idx files?
This is the risk everyone has to deal with ... however you can minimize it by only using SSH and/or coming thru a tunnel to get access to the console. Disallowing router access from the outside is always a good idea.
Re:
Posted: Sat Dec 06, 2008 6:54 pm
by cieplik206
Is there any way to get back admin pass from user.dat and user.idx files?
Of course there is. and if you have everything you need it takes couple of minutes to take that password.
I've tested it