Ticket #943 (closed Feature Request: fixed)

Opened 8 years ago

Last modified 8 years ago

Set initial admin password

Reported by: JuergeN Owned by: jri
Priority: Major Milestone: Release 4.8
Component: DeepaMehta Standard Distribution Version: 4.7
Keywords: Cc:
Complexity: 3 Area: Runtime Environment


As an administrator I want to set an initial admin password before starting DeepaMehta on a publicly accessable server for the first time. The fact that DeepaMehta is 'open' for a certain amount of time before one can login and change it, does not make it a secure system. A new entry in the config file could do the job.

Change History

comment:1 in reply to: ↑ description Changed 8 years ago by jri

  • Status changed from new to accepted

Replying to JuergeN:

A new entry in the config file could do the job.

Would you expect this entry in clear text, or SHA-256 encoded?
At the moment DM stores passwords only SHA-256 encoded.

comment:2 Changed 8 years ago by JuergeN

I would expect to enter the password in plain text into the config-file. I would expect DM itself to calculate the SHA-256 ecoding from the given initial password and store the password in the db just like before.

comment:3 Changed 8 years ago by jri

OK, let's do it this way.

comment:4 Changed 8 years ago by jri

In https://github.com/jri/deepamehta/commit/7edbcace

Set initial admin password in config file (#943).

There is a new config property:


The initial password for the "admin" user account.
By default it is empty.

Note: this setting is only evaluated while the first DeepaMehta start.
Once started the admin password can be changed interactively (using the Webclient).

See #943.

comment:5 Changed 8 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.