2.0 Login Screen



  • It may just be me but I don't like the pfSense logo and color scheme on the log on page
    I just think that if someone stumbles upon my IP address (which would be blocked but hey you never know) it should not
    tell them what it is (ie. pfsense.org)

    Just my 2 cents worth
    Other wise I am loving 2.0 Alpha Alpha so far

    Thanks,


  • Rebel Alliance Developer Netgate

    I have thought about the same thing, about letting everyone see the login screen, but then again your WebGUI shouldn't be accessible to just anyone crawling the web. (more info)

    My nit with the login screen is that Firefox doesn't recognize it as a login screen and thus doesn't offer to save the username/password. It's probably more secure that way, it just means I have to remember the passwords and type them every time. :)



  • @TechMOGogy:

    It may just be me but I don't like the pfSense logo and color scheme on the log on page
    I just think that if someone stumbles upon my IP address (which would be blocked but hey you never know) it should not
    tell them what it is (ie. pfsense.org)

    Just my 2 cents worth
    Other wise I am loving 2.0 Alpha Alpha so far

    Thanks,

    Anything we do could be fingerprinted.  Sure, it "shouts" it out now, but at least it's obvious that it is, instead of pretending that it's secure.  Besides, it's not like you left it with the default username/password combo did you? :)

    –Bill



  • @billm:

    @TechMOGogy:

    It may just be me but I don't like the pfSense logo and color scheme on the log on page
    I just think that if someone stumbles upon my IP address (which would be blocked but hey you never know) it should not
    tell them what it is (ie. pfsense.org)

    Just my 2 cents worth
    Other wise I am loving 2.0 Alpha Alpha so far

    Thanks,

    Anything we do could be fingerprinted.  Sure, it "shouts" it out now, but at least it's obvious that it is, instead of pretending that it's secure.  Besides, it's not like you left it with the default username/password combo did you? :)

    –Bill

    the real security hole is when someone can access your webgui, wich shouldn't.

    many security product manufacturer use logos on there webguis. Juniper, Checkpoint, Astaro, and so one, have webguis with a logo.

    just allow trustet networks connecting to the webgui. and use https instead of http. this is security enough. just a logo allows you not to hack or to be secure, when no logo is shown.


Log in to reply