Quote Originally Posted by jukkal View Post
True, but at least the attacker must first guess a working login and the right password before being able to do anything. (Not that it necessarily prevents all attackers, but at least they need some more effort, and that may keep some of them away.)

If, in addition to disabling root login and requiring password for another user acccount, the router passes traffic to the receiver only from certain known ip address(es) only at certain given times, I think it should be safe enough for most of us.

But anyway, I'd like to have an option to prevent any setting changes via OpenWebif, allowing only streaming and adding timers. And it would be really nice to be able to have one account with these restrictions and another one that can do anything you can do. now.
The login will make no difference at all, enigma2 is not setup with security in mind, regardless of what authentication you set on the image a open port will allow full unmetered access to your receiver. The best way to secure the receiver is to setup a dedicated VPN to route the traffic or don't open ports in the first place, authentication in enigma2 is worthless as it currently stands.


Sent from my iPad Air using Tapatalk