Ticket #943 (closed Feature Request: fixed)
Set initial admin password
| Reported by: | JuergeN | Owned by: | jri |
|---|---|---|---|
| Priority: | Major | Milestone: | Release 4.8 |
| Component: | DeepaMehta Standard Distribution | Version: | 4.7 |
| Keywords: | | Cc: | |
| Complexity: | 3 | Area: | Runtime Environment |
| Module: | | | |
Description
As an administrator I want to set an initial admin password before starting DeepaMehta on a publicly accessible server for the first time. The fact that DeepaMehta is 'open' for a certain amount of time before one can log in and change it does not make it a secure system. A new entry in the config file could do the job.
Change History
comment:1 in reply to: ↑ description Changed 9 years ago by jri
- Status changed from new to accepted
comment:2 Changed 9 years ago by JuergeN
I would expect to enter the password in plain text into the config-file. I would expect DM itself to calculate the SHA-256 encoding from the given initial password and store the password in the db just like before.
comment:4 Changed 9 years ago by jri
In https://github.com/jri/deepamehta/commit/7edbcace
Set initial admin password in config file (#943).
There is a new config property:
dm4.security.initial_admin_password
The initial password for the "admin" user account.
By default it is empty.
Note: this setting is only evaluated during the first DeepaMehta start.
Once started, the admin password can be changed interactively (using the Webclient).
See #943.
Replying to JuergeN:
Would you expect this entry in clear text, or SHA-256 encoded?
At the moment DM stores passwords only SHA-256 encoded.
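The first-start behaviour discussed in this ticket, as an added example that is not DeepaMehta's own code: the plain-text property is read once, stored only as a SHA-256 hash, and not evaluated on later starts. The class name, the in-memory `accounts` map standing in for the database, and the sample passwords are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

public class InitialAdminPassword {
    // Property name taken from the ticket.
    static final String PROP = "dm4.security.initial_admin_password";
    // Hypothetical stand-in for the database: username -> hex SHA-256 of the password.
    static final Map<String, String> accounts = new HashMap<>();

    static String sha256Hex(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(password.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Returns true if this call created the admin account (i.e. it was the first start).
    static boolean bootstrapAdmin(Properties config) throws Exception {
        if (accounts.containsKey("admin")) {
            return false;   // later starts: the property is not evaluated, the stored hash wins
        }
        String initial = config.getProperty(PROP, "");   // empty by default, as in the ticket
        if (initial.isEmpty()) {
            System.err.println("warning: " + PROP + " is empty; admin starts with an empty password");
        }
        accounts.put("admin", sha256Hex(initial));   // only the hash is kept
        return true;
    }

    public static void main(String[] args) throws Exception {
        Properties config = new Properties();
        config.setProperty(PROP, "constructed-example-secret");   // constructed sample value
        System.out.println("first start created admin: " + bootstrapAdmin(config));
        // The operator edits the config afterwards; an initialised installation ignores it.
        config.setProperty(PROP, "constructed-other-value");
        System.out.println("second start created admin: " + bootstrapAdmin(config));
        System.out.println("stored hash still matches first password: "
            + accounts.get("admin").equals(sha256Hex("constructed-example-secret")));
    }
}
```

Because the property is only read on the first start, the plain-text value can be removed from the config file once the installation has been initialised.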