Ticket #943 (closed Feature Request: fixed)

Opened 5 years ago

Last modified 5 years ago

Set initial admin password

Reported by: JuergeN Owned by: jri
Priority: Major Milestone: Release 4.8
Component: DeepaMehta Standard Distribution Version: 4.7
Keywords: Cc:
Complexity: 3 Area: Runtime Environment
Module:

Description

As an administrator I want to set an initial admin password before starting DeepaMehta on a publicly accessible server for the first time. The fact that DeepaMehta is 'open' for a certain amount of time before one can log in and change it does not make it a secure system. A new entry in the config file could do the job.

Change History

comment:1 in reply to: ↑ description Changed 5 years ago by jri

  • Status changed from new to accepted

Replying to JuergeN:

A new entry in the config file could do the job.

Would you expect this entry in clear text, or SHA-256 encoded?
At the moment DM stores passwords only SHA-256 encoded.

comment:2 Changed 5 years ago by JuergeN

I would expect to enter the password in plain text into the config file. I would expect DM itself to calculate the SHA-256 encoding from the given initial password and store the password in the db just like before.

comment:3 Changed 5 years ago by jri

OK, let's do it this way.
Thanks.

comment:4 Changed 5 years ago by jri

In https://github.com/jri/deepamehta/commit/7edbcace

Set initial admin password in config file (#943).

There is a new config property:

dm4.security.initial_admin_password

The initial password for the "admin" user account.
By default it is empty.

Note: this setting is only evaluated during the first DeepaMehta start.
Once started the admin password can be changed interactively (using the Webclient).

See #943.

comment:5 Changed 5 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed