Even if it is not likely that someone else is in my LAN, I encrypt as much as possible to avoid this problem. For the webinterface everything is fine with AUTH. But I can connect to the OSGI console without any login and do ALL changes.
Question:
Can I disable OSGI console?
Can I just run it on the adapter 127.0.0.1 (loopback)? == not reachable from outside of the machine
Can I bring in user/password (ssh) authentication?