are webapps allowed to have a default user with a default password?

To: debian-devel@lists.debian.org
Subject: are webapps allowed to have a default user with a default password?
From: Evgeni Golov <sargentd@die-welt.net>
Date: Mon, 3 Nov 2008 09:40:37 +0100
Message-id: <[🔎] gemde7$9gc$1@ger.gmane.org>

Hi *,

while working on a fix for opendb's RC/Security bug #504173, I noticed
that opendb creates a default admin user "test" with "test" as password.
This is IMHO a security hole, but I would like to hear your opinion -
is this okay or not?

Regards
Evgeni

Reply to:

Follow-Ups:
- Re: are webapps allowed to have a default user with a default password?
  - From: "Paul Wise" <pabs@debian.org>

Prev by Date: Re: [DRAFT] resolving DFSG violations
Next by Date: Re: DFSG violations: non-free but no contrib
Previous by thread: Re: [DRAFT] resolving DFSG violations
Next by thread: Re: are webapps allowed to have a default user with a default password?
Index(es):
- Date
- Thread