MM Zeeman

Mind that the admin password is readable in the config file too. One easy thing which can be done is to flag processes as sensitive, then they don't allow debug...

Idea. Maybe we can place the admin password in a little dedicated process which we flag as sensitive. Than it will no longer appear in crash logs and you will...

Thanks for bringing this back into our attention. 👍 This is the password of the first user in the system "admin", which is in the config of the site. All...

That is indeed easier. I forgot we also accept JSON and YAML site config files.

Are there other configuration values which should not end up in logs? The database password maybe? I guess this is a feature which is really needed when you run Zotonic...

This is a `0.x` issue. In `1.0` the config of the site is loaded into `application` environment variables. Because they are not kept in the supervisor anymore, they do not...

Yes we put this on the list for 1.1. FYI it is possible to disable the admin user by unpublishing it’s resource. Then only users with bcrypt hashes are used....

This article describes a very interesting solution. https://bigcommerce.websiteadvantage.com.au/tag-rocket/articles/improving-image-loading-without-javascript/ We could lazy render a very small image with a reduced color palette and embed it in a style attribute on the...

Today I looked into compiling erlsass on MacOS. But that requires quite some setup as it only compiles with gcc, as libsass does. That is not ideal to have as...

In the module we made it is possible to have an hierarchy of events so you can easily filter on authentication events, resource modification, etc. In our own codebase we...