Interesting... did they do it deliberately? I would think that they'd have to do it on pupose, wouldn't they? That's not the sort of thing one does accidentally. They have to run Emplode for starters, then select your player, etc...

I can see this will become more and more necessary as the products become more popular and hackers start finding them on networks.

In thinking about this, I can only see one way to do it that wouldn't be a support nightmare for lost passwords:

Allow free access to the empeg, and allow free setting of the login and password, whenever you are using serial and USB. Only when connecting via ethernet, emplode prompts for the password before allowing you in. The password could be simply stored in config.ini, perhaps hashed. This could mask the actual password, but allow you to erase the password by erasing the lines in config.ini if you've got a shell prompt.

In order to make it easy on Tech Support, you would have to allow them to change the password in serial/USB mode even if they don't know the old password. Since the password is only intended to protect against remote network access, this would be OK.

In emplode, the password setting box could be part of the TCP network setup box.

Of course, all of this is only useful if you think that passwords are secure. And this would only protect against emplode modifications to the player. If someone installed third-party stuff like Displayserver, all bets are off.

Anyone have a better scheme?

___________
Tony Fabris