Comments (7)
One option to solve this is that on first run a password can be set that will append settings to the config or be stored in the DB. That means encryption can be added so it's not stored in plaintext either, then a password change is done through the app, or it can be removed fully in emergencies to reset again? That would tick off a few things and add some nice security...
from dmarc-srg.
This was done for security reasons: the password with an empty string is always wrong.
from dmarc-srg.
I agree, but most people might not set a password, and on first run they can access the webpage without changing anything. Then if they log out for whatever reason they can't log in again... so it's a bug.
from dmarc-srg.
It's possible that I did not understand you, but... you will not be able to access the web interface with the default config if you do not change anything there. Or were you able to get access with the default config?
from dmarc-srg.
I've re-tested and it's actually due to changing the password to blank when logged in and then logging out, so expected behaviour, my apologies. I'm putting your program through some interesting tasks, and it's not really a real-world scenario anyway.
I still think it's worth looking at not having plain text though (and maybe set a default password to 1234) and documenting it in the readme, as it's not obvious...
Thanks for creating this tool!
from dmarc-srg.
> I still think it's worth looking at not having plain text though (and maybe set a default password to 1234) and documenting it in the readme, as it's not obvious...
A hard-coded default password is a bad idea. It's the first thing a hacker checks, and a blank password is rejected not only on the server, but the web interface also explicitly rejects it. How exactly to disable the password is indicated in the comment.
from dmarc-srg.
Done: 84e2196
from dmarc-srg.
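The points raised in this thread (no plaintext password at rest, an empty password that never authenticates, no built-in default), shown as an added PHP example that is not dmarc-srg's code. The function names, the legacy-plaintext fallback and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical, not dmarc-srg's API.

// Produce the value to keep in the config or DB instead of the plain password.
// There is no default: an empty password is refused at creation time.
function make_password_entry(string $plain): string
{
    if ($plain === '') {
        throw new InvalidArgumentException('An empty password is not allowed');
    }
    return password_hash($plain, PASSWORD_DEFAULT);
}

// $stored is the saved entry, $given is what the login form submitted.
function check_password(string $stored, string $given): bool
{
    // An empty stored or submitted password is always wrong.
    if ($stored === '' || $given === '') {
        return false;
    }
    // password_get_info() reports an empty 'algo' for strings that are not hashes.
    $info = password_get_info($stored);
    if (!empty($info['algo'])) {
        return password_verify($given, $stored);
    }
    // Assumed legacy case: a plaintext entry, compared in constant time.
    return hash_equals($stored, $given);
}

// Constructed sample values, for demonstration only.
$entry = make_password_entry('constructed-sample-passphrase');
$cases = [
    'hashed entry, right password' => [$entry, 'constructed-sample-passphrase'],
    'hashed entry, wrong password' => [$entry, 'guess'],
    'hashed entry, empty password' => [$entry, ''],
    'empty entry, empty password'  => ['', ''],
    'legacy plaintext entry'       => ['old-plain-value', 'old-plain-value'],
];
foreach ($cases as $label => [$stored, $given]) {
    printf("%-30s %s\n", $label, check_password($stored, $given) ? 'accepted' : 'rejected');
}
```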