This repository has been archived by the owner on Nov 17, 2021. It is now read-only.
Revise the initialization of the Admin account. #10
Here's the current language on the 'Docs' page:
Manuel
Getting Started
How about:
Manuel
Getting Started
They currently set the password on the main page the first time it is set up. What do you mean "on the same page" - they can't get to the admin page until they log in.
We added that public "secret" password to add an extra blanket. The admin really just needs to know to finish the setup by always creating a user. The first user created will be the admin.
That public password is not really the admin's password - it's more like a key to get in once installed. Then they set their password. Maybe if I change the wording to be an "install key" - it gets removed immediately after the first user registers anyways.
Kyle
… On Dec 8, 2016, at 1:15 PM, Jason Dalton ***@***.***> wrote:
The strategy for the initial admin user default password won't pass Amazon's security check to get it on Marketplace. We need a new strategy. How about we let the admin user set their password from the same page, instead of using a default. It's no less secure since the default is listed on the public web anyway. This would be more secure. In the event someone snuck in and added their own admin password before the real admin, the real admin could just shut it down at the server and reload.
Let's just take them right to making the Admin password then. Since the code is public, it's not adding any more security.
… On Dec 8, 2016, at 5:43 PM, Kyle Kalwarski ***@***.***> wrote:
They currently set the password on the main page the first time it is set up. What do you mean "on the same page" - they can't get to the admin page until they log in.
We added that public "secret" password to add an extra blanket. The admin really just needs to know to finish the setup by always creating a user. The first user created will be the admin.
That public password is not really the admin's password - it's more like a key to get in once installed. Then they set their password. Maybe if I change the wording to be an "install key" - it gets removed immediately after the first user registers anyways.
Kyle
> On Dec 8, 2016, at 1:15 PM, Jason Dalton ***@***.***> wrote:
>
> The strategy for the initial admin user default password won't pass Amazon's security check to get it on Marketplace. We need a new strategy. How about we let the admin user set their password from the same page, instead of using a default. It's no less secure since the default is listed on the public web anyway. This would be more secure. In the event someone snuck in and added their own admin password before the real admin, the real admin could just shut it down at the server and reload.
>
Yea - or I can prob set it so they don't even have to enter the username..
I remember I initially set it up with no password to install - thinking it should be the responsibility of the installer to finish all the steps.
Kyle
… On Dec 8, 2016, at 1:17 PM, Jason Dalton ***@***.***> wrote:
How about:
Manuel
Getting Started
Once SARCAT is installed and running, navigate to http{s}:// to set the Admin password (Username: ***@***.***, Password: ) to begin setting up your profile. This is only done once for each installation.
Go to the Admin Tools section on the left to begin setting up your profile
The strategy for the initial admin user default password won't pass Amazon's security check to get it on Marketplace. We need a new strategy. How about we let the admin user set their password from the same page, instead of using a default. It's no less secure since the default is listed on the public web anyway. This would be more secure. In the event someone snuck in and added their own admin password before the real admin, the real admin could just shut it down at the server and reload.
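Added example, not part of the thread and not SARCAT's code: a Python sketch of the approach proposed in the issue, where the first visitor sets the Admin password directly and no default password or install key exists. `UserStore`, `create_first_admin`, `SetupClosed`, the in-memory store and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import threading

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch


class SetupClosed(Exception):
    """First-run setup was attempted after an admin account already exists."""


class UserStore:
    """In-memory stand-in for the application's user table (hypothetical)."""

    def __init__(self):
        self.users = {}
        self._lock = threading.Lock()

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def setup_required(self):
        # The setup page is offered only while no account exists at all.
        return not self.users

    def create_first_admin(self, username, password):
        if len(password) < 12:  # assumed minimum, not from the thread
            raise ValueError("password too short")
        salt = secrets.token_bytes(16)
        digest = self._hash(password, salt)
        # Check and insert under one lock so two simultaneous visitors cannot
        # both become admin; a real database needs a transaction or unique key.
        with self._lock:
            if not self.setup_required():
                raise SetupClosed("an admin account already exists")
            self.users[username] = {"role": "admin", "salt": salt, "hash": digest}

    def verify(self, username, password):
        user = self.users.get(username)
        if user is None:
            return False
        return hmac.compare_digest(user["hash"], self._hash(password, user["salt"]))
```

An installer who meets `SetupClosed` on an instance they have not yet configured knows someone else claimed the admin account first, which is the case where the issue suggests shutting the server down and reloading.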