LEA
newbie
Topic Author
Posts: 29
Joined: Tue Dec 12, 2017 5:02 pm
Location: Russian Federation, Novosibirsk

The issue of security routerOS installed the dude server?

Tue Dec 12, 2017 8:14 pm

I don't like the idea of the joint use of the access port, and of the username and password, for RouterOS, WinBox and The Dude server.

Consider the following situation.
I, for example, am a customer who uses the services of an Internet provider. The ISP consists of four organizations engaged in technically providing a communication channel.
All is good as long as no technical problems arise with the communication channel that need to be addressed in a short time.
For these purposes, The Dude is very well suited. Thanks to its integrated tools, The Dude makes it possible to deploy a dispatcher workplace for monitoring and diagnostics of the connected telecommunication equipment and communication channel...
This all works well if all of this is controlled by one owner or unit within a single organization and its many divisions.

The question arises: what to do if you want to give third-party entities access to The Dude monitoring, provided that we have no other alternative for access restrictions at different levels (v. 6.x.x):

- WinBox and The Dude share one port, which is impossible to separate and block separately?

Well, suppose we create a separate limited account. We still have access to the RouterOS control panel via WinBox, where a third party opening WinBox can get read access to view the RouterOS settings. Thus a fragment of the topology of your local network will be disclosed to a third party.
A solution to this problem exists, but it is not an easy one:
1. You will need to first enable the IP service web (www).
2. Then go to the RouterOS control panel via the web client.
3. In WebFig ---> Design Skin, create a new skin and disable (remove the tick from) all unwanted sections of RouterOS management that you do not want to appear in the control panel when running WinBox.
4. Save.
5. Go to the control panel via WinBox.
6. You will need to first disable the IP service web (www).
7. Go to System ---> Users ---> Groups. Select the group created for our third-party user (the default name is "read").
8. In Policies, disable everything unnecessary. In the Skin field, select the skin we created in WebFig, and press "OK".

Now our third-party user will not be able to see our RouterOS settings via WinBox under the account created specifically for The Dude.

The algorithm of actions consisting of these 8 points is not easy for ordinary users. Dear developers, please make this procedure easier.

The ports for winbox and the dude server should be independent from each other for security!

Even take the situation where access to The Dude server is available from xxx.xxx.xxx.xxx and WinBox is available from bbb.bbb.bbb.bbb, with the ability to assign different ports.

In The Dude client, the interface needs to be redesigned to limit the display of user-defined functions available in read-only mode:
- Do not display the designer's working tools;
- Do not display the MIB library or the uploaded and working files;
- The Dude server administrator needs to have the ability to create their own individual interface skin for The Dude client for individual user groups (following the principle of WebFig ---> Design Skin create).
- I would like to see a function to compile the created project into a single executable file with the extension (.exe). This is necessary in order to set a user name, login, IP or domain of The Dude server and port, and then compile it all into one project. For protection, I would add to The Dude server a function of allowed keys for access to The Dude server.
1) Create a new dude project;
2) Save it or open it and continue working on its content;
3) The finished project is compiled by pressing the compile;
4) On The Dude server, the system creates a corresponding security key record for access to the server. Key management can be done via the key manager located in one of the sections of The Dude server. If you delete the selected security key, our compiled project will not open from the remote client.

to be continued ...
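
The eight WebFig/WinBox steps from the post above, written as RouterOS v6 console commands. This is an added example, not part of the original post; the names `dude-ro`, `dude-viewer` and `dude-only`, the password placeholder, the 203.0.113.0/24 range, the use of a new group instead of the built-in "read" group, and the choice of which policies to keep (the post does not list them) are all assumptions.

```routeros
# Steps 1-4: enable WebFig only long enough to build the skin.
/ip service set www disabled=no
# In WebFig -> Design Skin, untick the unwanted sections and save the skin
# as "dude-only" (assumed name). Saved skins appear as files under skins/.
/file print where name~"skins/"

# Step 6: turn WebFig off again once the skin exists.
/ip service set www disabled=yes

# Steps 7-8: a dedicated group for the third party.
# Kept policies (assumption): read, winbox, dude. Everything else is negated
# explicitly so the result does not depend on defaults.
/user group add name=dude-ro skin=dude-only policy=read,winbox,dude,!write,!policy,!sensitive,!password,!sniff,!test,!reboot,!local,!telnet,!ssh,!ftp,!api,!web,!romon

# Account used only by the third party. "address" limits where this user may
# log in from; 203.0.113.0/24 is a constructed documentation range.
/user add name=dude-viewer group=dude-ro password="CHANGE-ME" address=203.0.113.0/24

# Verify the result before handing the account over.
/user group print detail where name=dude-ro
/user print detail where name=dude-viewer
# WinBox and The Dude share this service entry (the point of the post), so an
# address list set here would apply to both clients, not to one of them.
/ip service print where name=winbox
```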
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: The issue of security routerOS installed the dude server?

Tue Dec 12, 2017 9:45 pm

I was maybe the first who was against the port joining when mikrotik did that. Long time ago. And unsuccessful. Keeping fingers crossed for you this time.
