DNN Blog Archive

Search DNN Blogs

KeywordsPhrase

DNN Bloggers

	View All Recent Entries
	Alec Whittington (11)
	Alex Shirley (10)
	Andrew Nurse (30)
	Anthony Glenwright (5)
	Antonio Chagoury (28)
	Ash Prasad (6)
	Benjamin Hermann (16)
	Benoît Sarton (9)
	Bill Walker (36)
	Bob Kruger (2)
	Brice Snow (1)
	Bryan Andrews (1)
	Cathal Connolly (44)
	Charles Nurse (130)
	Chris Hammond (175)
	Christopher Paterra (50)
	Cuong Dang (19)
	Daniel Bartholomew (2)
	Dave Buckner (2)
	Doug Howell (11)
	Erik van Ballegoij (22)
	Ernst Peter Tamminga (52)
	Gilles Le Pigocher (2)
	Ian Robinson (5)
	Israel Martinez (10)
	Jan Blomquist (3)
	Jenni Merrifield (6)
	Joe Brinkman (200)
	Jogi Nijjar (0)
	Jon Henning (14)
	Keivan Beigi (3)
	Ken Grierson (7)
	Kevin Schreiner (6)
	Leigh Pointer (31)
	Lorraine Young (60)
	Matthias Schlomann (8)
	Mauricio Márquez (5)
	Michael Washington (201)
	Mike Horton (17)
	Mitchel Sellers (16)
	Navin Nagiah (13)
	Néstor Sánchez (30)
	Nik Kalyani (14)
	Patrick Santry (3)
	Peter Donker (32)
	Philip Beadle (133)
	Richard Dumas (11)
	Rob Chartier (0)
	Robert J Collins (5)
	Roger Selwyn (2)
	Rubén López Aparicio (1)
	S. Shawn Mehaffie (17)
	Salar Golestanian (4)
	Sanjay Mehrotra (9)
	Scott McCulloch (1)
	Scott Schlesier (4)
	Scott Willhite (85)
	Sebastian Leupold (67)
	Shaun Walker (196)
	Stefan Cullmann (7)
	Stefan Kamphuis (7)
	Steve Fabian (26)
	Tam Tran Minh (0)
	Timo Breumelhof (24)
	Vicenç Masanas (26)
	Vincent Nguyen (2)
	Vitaly Kozadayev (6)
	Will Morgenweck (20)
	Will Strohl (102)
	William Severance (5)

DNN Blog

DNN-5147: Alert admin/host users to insecure login details

Mar 9

Posted by: Philip Beadle
Friday, March 09, 2007 12:00 AM

Over the years working on DNN I have seen quite a few posts about people saying their site has been hacked when all thats happened is they have left the default login details set up on their production site. Now we have a warnign system :)

When you login now if the details you are using are either admin/dnnadmin or host/dnnhost you get a warning like this

This occurs only on Login and simply adds a querystring parameter like this

http://localhost/dotnetnuke450/Default.aspx?runningDefault=2

so performance is not impacted at all.

Trackback Print

Tags:

Categories:

Location: Blogs Parent Separator

Philip Beadle

1 comment(s) so far...

Re: DNN-5147: Alert admin/host users to insecure login details

For years and years, I was able to log into Oracle databases using the default installation password for the system account:

"change_in_install"

This is a nice feature to add, but don't expect those complaints to go entirely away! Some people will remain clueless and inattentive. :)

By davidwendelken on Monday, March 19, 2007 7:44 AM

Advertisers

DotNetNuke Corporation

DotNetNuke Corp. is the steward of the DotNetNuke open source project, the most widely adopted Web Content Management Platform for building web sites and web applications on Microsoft .NET. Organizations use DotNetNuke to quickly develop and deploy interactive and dynamic web sites, intranets, extranets and web applications. The DotNetNuke platform is available in a free Community and subscription-based Professional and Enterprise Editions with an Elite Support option. DotNetNuke Corp. also operates Snowcovered.com where users purchase third party apps for the platform.

Community
- Get Involved
- Extension Forge
- Forum
- Blog
- Teams
- Recognition
Resources & Support
Partners
News Room
App Gallery
What is DNN
Get Started
- Downloads
- Video Instruction
In Action
About Us
sales@dnncorp.com (650) 288 - 3150 (650) 288 - 3191

Hosted by MaximumASP