Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.
SRP installs
In the SRP installs there is the SYSPROG application password request.
If that is skipped i.e. [next] pressed without entering the password, all continues.
Is there any consequence down the track?
If that is skipped i.e. [next] pressed without entering the password, all continues.
Is there any consequence down the track?
Comments
I thought that in my early days here so diligently put in the password when requested.
However, someone, not naming names, said that wasn't required and to just hit Enter so I did and everything still seemed to work!
Now, I am sheepish to admit, I have gotten lazy so dont put in the password for any SRP or Revelation prompt....
I need to be clearer in my response. I think perhaps I misread Barry's original question and I was also thinking of a different dialog that is used to authenticate the user (I've been doing a lot of OI 10 upgrading lately so that dialog is very much on my mind). To make sure we are on the same page, I am now assuming this is the screen under consideration:
I took his original question to mean that the login information was ignored (i.e., the username and password were left blank. In that case, the RDK will fail:
If, however, the SYSPROG username is left in place but the password is left blank when the user clicks on the Install button (note, there is no Next button on this page), then one of two things will happen:
- If the SYSPROG user does not have a password in the database then the RDK will install because the installer will have a correct username and password.
- If the SYSPROG user does have a password in the database then the RDK will not install because the installer will not have a correct username and password.
So, Barry will have to determine if he won the bet or not based on the actual scenario he was presenting and based on the expanded information I provided above.I suspect now we do not have a SYSPROG password. However, I know I have typed what I thought the password was that I inherited and it has been 'accepted'.
Would you expect success on a non-set password when given, well, anything as the password?
I wouldn't .....be it seems I was wrong again!
I was always curious as to why that no-password was accepted (because I definately thought it should not be when assuming there was a password) but I put it down to maybe running it in Dev mode being a special bypass. Silly me!!! Why not setting a password is allowed at all is a vibrant discussion for another day.
Even sillier when I say all of that out loud.
Ignore me if that's essentially what you're saying
Yes, but only because I have always known that usernames with no passwords just ignore whatever is passed in as the password.
I suppose "that's the way it has always been" is the best answer we can expect. I think the default "no-password" is mostly so the developer installing the product doesn't have to remember a default password, but would be expected to change it shortly afterwards. This is similar to how routers, modems, and firewalls work.
Security 101:
1. Install device/app/etc.
2. change default Auth details!
Well, at least I can vouch for the accuracy of Don's extended response.
SYSPROG/SYSPROG which I suppose is a trap for the OI9 habits
Clearly not adhering to MS's baseline password principles. Picking a default user password ofr MS is nothing short of frustrating. There is a B in your username? Therefore In your password you cant use the letter B, any letter adjacent to B, or anything that B is related to, has ever dated, or has ever even met! Want to use the letter FubbleFlob? You can't!! Because somewhere in the multiverse FubbleFlob's best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl that is dating the letter B!!
Ok, maybe an exageration but I think a lot of us have been there!
Thats what I am used to these days ;-)