I am not suggesting that as a general solution. What I have in mind is an appliance with a single account (root or whatever). The root password is the only parameter set by the hosting provider and communicated to the user. The user never ssh into the vps. He instead uses the provided password to login into web2py admin and changes the web2py admin password (not the root password). From that moment on web2py works as usual. We could provide enough web2py tools to completely manage the vm from inside.
On Feb 15, 9:20 pm, Thadeus Burgess <thade...@thadeusb.com> wrote: > Potential security risk validating against root. but a user account > definitely. > > -Thadeus > > On Mon, Feb 15, 2010 at 7:46 PM, mdipierro <mdipie...@cs.depaul.edu> wrote: > > Currently in admin you login using a password stored in the file > > parameters_443.py (443 is the post number). > > > I would like the option that if parameters_443.py contains > > password='posix:root' > > > then web2py admin authenticates the visitor using the 'root' password. > > > I do not know how to do it but it would be a really nice feature to > > have. In particular when running on a VPS. > > > Can anybody help? > > > All I would need a simple script that given a username and some text > > checks whether that is a the valid password for the user. > > > Massimo > > > -- > > You received this message because you are subscribed to the Google Groups > > "web2py-users" group. > > To post to this group, send email to web...@googlegroups.com. > > To unsubscribe from this group, send email to > > web2py+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/web2py?hl=en. -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
