diff --git a/src/config/config.c b/src/config/config.c
index 5c8a1e231..f49f2af5e 100644
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -1019,7 +1019,7 @@ void initConfig(struct config *conf)
 conf->webserver.api.app_pwhash.c = validate_stub; // Only type-based checking
 conf->webserver.api.app_sudo.k = "webserver.api.app_sudo";
- conf->webserver.api.app_sudo.h = "Should the application password be allowed to modify Pi-hole config settings?\n Note that this setting is only relevant if the application password is set. Setting this to true allows third-party applications to modify advanced settings, e.g., the DNS server, DHCP server, or change passwords.\n Be aware that this setting is a security risk and should only be enabled if you trust the application and its developer.";
+ conf->webserver.api.app_sudo.h = "Should application password API sessions be allowed to modify config settings?\n Setting this to true allows third-party applications using the application password to modify advanced settings, e.g., the upstream DNS servers, DHCP server settings, or changing passwords. This setting should only be enabled if really needed and only if you trust the applications using the application password.";
 conf->webserver.api.app_sudo.t = CONF_BOOL;
 conf->webserver.api.app_sudo.d.b = false;
 conf->webserver.api.app_sudo.c = validate_stub; // Only type-based checking
diff --git a/test/pihole.toml b/test/pihole.toml
index b2e5f5874..be5e3ab07 100644
--- a/test/pihole.toml
+++ b/test/pihole.toml
@@ -1,7 +1,7 @@
-# Pi-hole configuration file (v5.25.2-1891-g7ff016f2-dirty)
+# Pi-hole configuration file (v5.25.2-1921-gd3948088-dirty)
 # Encoding: UTF-8
 # This file is managed by pihole-FTL
-# Last updated on 2024-05-30 11:37:59
+# Last updated on 2024-06-15 09:10:13 UTC
 [dns]
 # Array of upstream DNS servers used by Pi-hole
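Review bot: The new `app_sudo.h` help string in src/config/config.c no longer states that enabling the option is a security risk, although it still lists password changes among the things an application-password session may then do. I would keep one plain sentence on the consequence at the end of the string, e.g. `Anyone holding the application password can then change the configuration, including passwords.` The removed hint that the option only matters once an application password is set also looks worth keeping, assuming that is still how the option behaves. The list item "or changing passwords" breaks the parallel with the two noun phrases before it and would read better as "or passwords". initConfig's body starts and ends outside this hunk.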
@@ -702,12 +702,11 @@
 #
 app_pwhash = ""
- # Should the application password be allowed to modify Pi-hole config settings?
- # Note that this setting is only relevant if the application password is set. Setting
- # this to true allows third-party applications to modify advanced settings, e.g., the
- # DNS server, DHCP server, or change passwords.
- # Be aware that this setting is a security risk and should only be enabled if you
- # trust the application and its developer.
+ # Should application password API sessions be allowed to modify config settings?
+ # Setting this to true allows third-party applications using the application password
+ # to modify advanced settings, e.g., the upstream DNS servers, DHCP server settings,
+ # or changing passwords. This setting should only be enabled if really needed and only
+ # if you trust the applications using the application password.
 app_sudo = false
 # Array of clients to be excluded from certain API responses (regex):