Am Sun, 19 Jun 2011 11:28:36 +0200 schrieb Kim Leyendecker <kimleyendecker@hotmail.de>:
In the installer of openSUSE 11.4 (and I guess also in 11.3, 11.2 and 11.1) the toolbox "log in with this user automaticly" or something like this is choosen as default. That means, if you just click on "next" during installation, you will auto log in with your user, when you start your system. This happens without any password-check. This might be good for people who just want to work with their PC and don´t think about the system. But it´s a big security risk. Think of you got personal files on your harddrive, and your user is logged-in automaticly. Now, other people can easy get access to your /home dir. They just need to start your PC. So, please, disable this by default!
To drop a potential security lack
Sorry, but this is bullshit. If you just clicked "next", then you also did not password-protect your GRUB setup and did not encrypt your $HOME. So people can get at your files regardless of the users password. They'll simply boot with "init=/bin/sh", remove the root password and eat your cake.
To care about the user´s security
The user password has not that much to do with security. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org