
Abolish default accounts

Open matthias-ronge opened this issue 4 years ago • 2 comments

The Security by Default design principle recommends not delivering an application with sample accounts that have known passwords. The chances are too high that these accounts will not be deactivated or their passwords changed, and they represent an invasion gateway for unauthorized third parties.

Goal: Delete the default user accounts from the database. Instead, when the application detects that the number of users is zero, it first asks for an administration user to be created. Example:

[Screenshot: asks to create first user]

matthias-ronge avatar May 25 '21 13:05 matthias-ronge

How about deactivating them by default instead?

solth avatar May 25 '21 15:05 solth

That does not lead to the goal. Then you have to activate them during installation (you have to be able to log in somehow), forget about them, and then the state is the same as if they had been activated from the beginning.

One part of the goal is that the name of the administrator account cannot be retrieved from GitHub (and does not match `Pattern.compile("^(?:admin|kitodo|root|test).*", Pattern.CASE_INSENSITIVE)`; names matching this should also be blocked here). Another component is that the password cannot be retrieved from GitHub (and that the password must correspond to the configured password guidelines, e.g. not `test` or `kitodo`).

matthias-ronge avatar May 26 '21 07:05 matthias-ronge
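The bootstrap flow proposed in the issue (setup form only while the user count is zero) together with the name blocklist and password rules from the last comment, as an added example that is not Kitodo.Production code. The class name, the `userCount` argument standing in for a repository query, the minimum length of 12 and the list of known sample passwords are assumptions; only the blocked-name pattern is quoted from the issue.

```java
import java.util.Locale;
import java.util.regex.Pattern;

/**
 * Added example, not Kitodo.Production code. The user count, the minimum
 * length and the list of known sample passwords are assumptions standing in
 * for the application's real repository and password configuration.
 */
public final class FirstAdminBootstrap {

    /** Blocked administrator names; the pattern quoted in the issue. */
    static final Pattern BLOCKED_NAMES =
            Pattern.compile("^(?:admin|kitodo|root|test).*", Pattern.CASE_INSENSITIVE);

    /** Assumed policy value; the real one would come from the configuration. */
    static final int MIN_PASSWORD_LENGTH = 12;

    /** Assumed list of passwords that have appeared in the repository or docs. */
    static final String[] KNOWN_SAMPLE_PASSWORDS = {"test", "kitodo"};

    private FirstAdminBootstrap() {
    }

    /** The setup dialogue is offered only while the user table is empty. */
    public static boolean needsInitialAdmin(long userCount) {
        return userCount == 0;
    }

    /** Returns null if the name is acceptable, otherwise the reason for rejection. */
    public static String rejectName(String name) {
        if (name == null || name.trim().isEmpty()) {
            return "name must not be empty";
        }
        if (BLOCKED_NAMES.matcher(name.trim()).matches()) {
            return "name must not start with admin, kitodo, root or test";
        }
        return null;
    }

    /** Returns null if the password meets the assumed guidelines, otherwise the reason. */
    public static String rejectPassword(String password, String name) {
        if (password == null || password.length() < MIN_PASSWORD_LENGTH) {
            return "password must have at least " + MIN_PASSWORD_LENGTH + " characters";
        }
        String lower = password.toLowerCase(Locale.ROOT);
        for (String known : KNOWN_SAMPLE_PASSWORDS) {
            if (lower.contains(known)) {
                return "password must not contain the sample password '" + known + "'";
            }
        }
        if (name != null && !name.trim().isEmpty()
                && lower.contains(name.trim().toLowerCase(Locale.ROOT))) {
            return "password must not contain the user name";
        }
        boolean letter = false, digit = false, other = false;
        for (char c : password.toCharArray()) {
            if (Character.isLetter(c)) {
                letter = true;
            } else if (Character.isDigit(c)) {
                digit = true;
            } else {
                other = true;
            }
        }
        if (!(letter && digit && other)) {
            return "password must mix letters, digits and other characters";
        }
        return null;
    }

    /** Runs the checks in the order the setup form would apply them. */
    public static String rejectInitialAdmin(long userCount, String name, String password) {
        if (!needsInitialAdmin(userCount)) {
            return "an account already exists; the setup form must not be offered again";
        }
        String problem = rejectName(name);
        return problem != null ? problem : rejectPassword(password, name);
    }

    public static void main(String[] args) {
        // Constructed inputs: an empty user table and four attempts.
        String[][] attempts = {
            {"admin", "Admin-Start-2021!"},           // blocked name
            {"bibliothek", "kitodo"},                 // known sample password, too short
            {"bibliothek", "Bibliothek-Start-2021!"}, // contains the user name
            {"bibliothek", "Erster-Login-2021!"}      // accepted
        };
        for (String[] attempt : attempts) {
            String result = rejectInitialAdmin(0, attempt[0], attempt[1]);
            System.out.println(attempt[0] + " / " + attempt[1] + " -> "
                    + (result == null ? "accepted" : result));
        }
        // Once the first account exists the form is refused.
        System.out.println(rejectInitialAdmin(1, "zweiter", "Zweiter-Login-2021!"));
    }
}
```

Two things the snippet leaves to the surrounding application: the zero-count check and the insert of the new account have to run in the same transaction (or under a lock), otherwise two concurrent first requests can both see an empty table and both create an administrator; and every other request must be refused while the count is zero, so that the only thing reachable on a fresh installation is this form. The password itself goes through the application's existing hashing before it is stored; that part is not shown here.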