The control socket and the configuration file use the exact same syntax by design. If it is impossible or impractical to limit access to the socket, the same level of control over a running Pen can be accomplished from localhost by editing the config and an old-fashioned HUP.

A password would imply that the protocol is safe, which it obviously isn't - it is plain text over tcp.

A Unix-domain control socket is a trivial change which wouldn't break anything but allow much more fine-grained control over who has access from localhost. A brilliant idea which I congratulate myself on.


--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to