phpredmin icon indicating copy to clipboard operation
phpredmin copied to clipboard

Published 20 hours ago verified publisher icon sasanrose

Automatic hashing password

Open MikyWoW opened this issue 6 years ago • 1 comments

There should be password in plain text in docker-compose.yml Using hash is inconvenient.

environment:
            - PHPREDMIN_AUTH_USERNAME=UserName
            - PHPREDMIN_AUTH_PASSWORD=PlainPassword

You can hash it and save somewhere on first run index.php

$hash = GetHash();
if(!$hash){
$pwd = getenv('PHPREDMIN_AUTH_PASSWORD');
$hash = password_hash($pwd, PASSWORD_DEFAULT);
SaveHash($hash);
}
// login method

MikyWoW avatar Feb 08 '19 14:02 MikyWoW

Tbh, that could work, because I suppose that's a safe place and it can't leak, also you still have the options to inject secret variables in ci/cd. And you don't have to try to save it in the first run; hash it and store it while building your docker images instead.

luongvm avatar Feb 08 '19 14:02 luongvm