kftpd has NEVER required a password.
As of Hijack v168, you can now turn on password checking, by specifying a plain text password in the config.ini file, as in:
[hijack]
kftpd_password=c00ld00d5
Of course, anyone with a web browser can just look at the config.ini file to extract the password, so this is not very secure. To prevent the web-browser side-step, add this line after the password line:
khttpd_files=0
This is much better, but not 100% secure.. it's possible (with a lot of poking around) to bypass this "security", but much easier for somebody would be to just install emplode and mess around using that.
I suppose I ought to add another option to disable Emplode access.. but somebody would probably bugger their player completely if I did that.. requiring a serial download of a non-hijack kernel to regain access. Hmmmm.. that might not be too bad, though..
Cheers
-ml
Previous Topic
Index
