fusiondb-server

Admin password blank by default, must be proactively set

Open IanDavey opened this issue 6 years ago • 4 comments

The admin password has to be set manually in the user manager upon a fresh install, otherwise it is blank. This encourages bad security practice among DBAs and could increase the likelihood and severity of breaches if deployed at scale.

Possible solution: screen at setup similar to eXist's for setting the admin password.

Aug 21 '19 13:08 IanDavey

Hi @IanDavey, thanks for your issue report. I agree that having a default empty password is not great.

There are some platforms (Linux/Unix) where the installation is unattended as we install a .deb or .rpm package. Ideally I would like a similar mechanism for setting an initial password on all platforms.

I have been thinking about having an initial configuration webpage which is shown after the database is installed. It would show this after installation, and require you to set a password and maybe a couple other things, before starting the server properly for the first time.

How does that sound?

Aug 22 '19 21:08 adamretter

Similar to the current page that lets you select VM properties? That sounds good to me.

Aug 22 '19 21:08 IanDavey

@IanDavey The current VM properties stuff on Windows is a JavaFX panel which is launched from the system tray. This would instead be a webpage which you see the first time you visit http://localhost:4059

Aug 22 '19 22:08 adamretter

I have scheduled this for Alpha 3 - https://github.com/evolvedbinary/fusiondb-server/wiki/Road-Map

Aug 27 '19 16:08 adamretter
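A sketch of the first-run setup gate proposed in this thread, added here as an illustration and not FusionDB code: until an admin password is set, every request is sent to the setup page, a blank password is rejected, and the setup page closes once it has been used. The class name, the `/setup` path, the status codes and the PBKDF2 parameters are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not taken from the project


class FirstRunGate:
    """Hypothetical model of a server that will not run normally without an admin password."""

    def __init__(self):
        self._salt = None
        self._hash = None  # None means the initial setup has not been completed

    @property
    def setup_required(self):
        return self._hash is None

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def complete_setup(self, password):
        # The setup page works exactly once; afterwards it cannot be used
        # by anyone who reaches the port to reset the admin password.
        if not self.setup_required:
            raise PermissionError("initial setup already completed")
        if not password or not password.strip():
            raise ValueError("admin password must not be blank")
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def route(self, path):
        # Before setup: everything redirects to the setup page.
        if self.setup_required:
            return (200, "/setup") if path == "/setup" else (307, "/setup")
        # After setup: the setup page no longer exists.
        if path == "/setup":
            return (404, None)
        return (200, path)

    def login(self, user, password):
        # No login of any kind succeeds while the password is still unset,
        # so the blank default can never authenticate.
        if self.setup_required or user != "admin":
            return False
        candidate = self._derive(password, self._salt)
        return hmac.compare_digest(candidate, self._hash)
```

Because the gate is enforced on the first request and not by an installer dialog, the same behaviour would apply after an unattended .deb or .rpm install.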