The control socket and the configuration file use the exact same syntax
by design. If it is impossible or impractical to limit access to the
socket, the same level of control over a running Pen can be accomplished
from localhost by editing the config and an old-fashioned HUP.
A password would imply that the protocol is safe, which it obviously
isn't - it is plain text over tcp.
A Unix-domain control socket is a trivial change which wouldn't break
anything but allow much more fine-grained control over who has access
from localhost. A brilliant idea which I congratulate myself on.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]