> It will not affect me since I do it automatically already, but if I could
> make 2 suggestions for future BQ versions:
> 1. Do not allow the password to be "password" or to be the same as the
Good point and easy to implement. I think I'll take it one step further:
Remember the "Secure Passwords PKG" that I once had released several years
ago? It used cracklib to check how secure passwords were upon user creation
and/or password changes. If a password was based on a dictionary word or
wasn't complex enough (length, upper + lower case + special characters), it
would reject the password.
One of the reasons for pulling the PKG back then was: It was a bit too
intrusive and eventually collided with official BlueQuartz updates, which
overwrote some of the changes that this PKG made. I'll see if I can dig out
the old code, polish it a bit more and will then submit it as official update
to the BlueQuartz SVN. That should solve the issue nicely.
> 2. Have userdirs disabled; make it hard for customers to enable userdirs,
> and harder to enable with php and cgi access for those userdirs.
Another good point. Same for FTP access. There should be a checkbox that
allows to turn off FTP for an entire site or selected users of a particular
Especially as turning off FTP for individual users is rather easy:
echo '<Limit>\nDenyAll\n</Limit>\n' > ~username/.ftpaccess
No promises on when that will be added to the BlueQuartz GUI, but I'll put it
on the list as it'll be quite useful to have.
With best regards,