wallet
wallet copied to clipboard
Is it a good idea to prepopulate new installation with some sample questions, sample users?
The other day I've cloned the repository... I've created the account and realized:
- there are very cool screenshots in the whitepaper
- when starting on the platform everything is fresh
- can we provide a default
demo/demo
credentials, can we pre-populate the system with a few a sample proposals for easier testing?
I'm worried about security considerations, even if the password is changeme
some people won't... That's the downside of default credentials. Also the pre-populated database could be problematic in terms of security, maintenance.
Hello @stefek99 !
This is a legitimate question, and a practice often seen on distributed applications. The keyword here is fixtures
. We aim to provide a command line that will populate the database with such fixtures for easier testing. But to do that, and to be able to maintain them sanely, we need some more architecture (see #220).
In regard to the security issues raised by such practice, well… A good solution is to generate random passwords for the dummy users and ask for a username and password during the installation of the fixtures.
Also, other option is to only create fixtures
when Meteor.isDevelopment
so you can start a site in production with an empty database and a dev site with some data.
Happy to take any recommendations and suggestions regarding this. I think it's a good idea.
I use: https://www.npmjs.com/package/@cleverbeagle/seeder
Quite easy usage: https://cleverbeagle.com/packages/seeder/usage
Example in action: https://github.com/cleverbeagle/pup/blob/master/imports/startup/server/fixtures.js
@vjrj Seeder looks super-nice ! We should probably use it in the feature suite as well, no ?
This way, we can have fixtures written in gherkin, and that will provide boilerplates for bug reporters to expose their bugs using gherkin as well ?
SGTM!