Hacking attempt... Is it safe to keep the ROOT folder without password?

[nikster]

Hello everyine, I use password protection for the folders only (not root), and recently I found this in HFS log:



It seems that someone tried to hacked me via 'search' bar. I did not find any viruses yet, also I use dedicated laptop for the server (without any personal data on it), however I am wondering about possible risks.  I don't want to over-complicate the things for my customers and (the same time) want to keep my home network safe.

What is your advice? Is it permitted to keep the Root unprotected? And what is the worst scenario for the unprotected HFS?

Also, question to the author(s): is it possible to disable 'search' bar in menu?

[nikster]

by the way, my version is 2.3m (build #300)

[rejetto]

hi, i keep my root unprotected, so i consider it safe.
Those are attempts at exploiting old bugs not present in current version.
Still those messages are annoying to look at. It would be nice if someone comes with filter to avoid those requests from being received/displayed, even just for peace of mind.

Bugs can be nasty, every software has some from time to time. Point is: adding authentication is not necessarily a solution, it just depend if the bug is accessible without of it interfering.
In real world you should just keep your software updated and check there is no known security problem with latest version.
This is true for any software out there.

btw, i'm working on HFS 3 these days. I hope it will officially replace "current" version in 1-3 months. I already use it with great satisfaction.