BlogEngine.NET 1.2 Web Install... issue

Nov 8, 2007 at 9:52 PM

Simple question, any reason why you hardcoded the admin and editor accounts into the Web Install of v1.2 ? Anyone using the Web Install version is leaving their system open to abuse as you cannot remove the default accounts that come with the Web version!

I noticed this in a prior version where you had done this, I had to compile the source and then overwrite the core dll file in the web sites Bin folder to fix the problem, samething I did with version 1.2 to allow me to use my own account and not have the default accounts appearing over and over.

Anyone who has not compiled v1.2 source and simply used the web install should check this by making sure their users.xml file and roles.xml file contain only your user account. Then log in with your user account and go to Users config, you will notice the Admin and Editors accounts are still visible and cannot be deleted.

Hope this helps,

Nov 8, 2007 at 10:15 PM
You can delete the default users, but unfortunately it isn't that easy. Check out this video explaining how to do it