Comments (7)

kramwell commented on June 7, 2024

One option to solve this: on first run a password can be set that will append settings to the config or store them in the DB. That means encryption can be added so it's not stored in plaintext either; then a password change is done through the app, or it can be removed fully in emergencies to reset again? That would tick off a few things and add some nice security...

from dmarc-srg.

liuch commented on June 7, 2024

This was done for security reasons: the password with an empty string is always wrong.

kramwell commented on June 7, 2024

I agree, but most people might not set a password, and on first run they can access the webpage without changing anything. Then if they log out for whatever reason they can't log in again... so it's a bug.

liuch commented on June 7, 2024

It's possible that I did not understand you, but... you will not be able to access the web interface with the default config if you do not change anything there. Or were you able to get access with the default config?

kramwell commented on June 7, 2024

I've re-tested and it's actually due to changing the password to blank when logged in and then logging out, so expected behaviour, my apologies. I'm putting your program through some interesting tasks, and it's not really a real-world scenario anyway.

I still think it's worth looking at not having plain text though (and maybe set a default password to 1234) and document it in the readme as it's not obvious...

Thanks for creating this tool!

liuch commented on June 7, 2024

> I still think it's worth looking at not having plain text though (and maybe set a default password to 1234) and document it in the readme as it's not obvious...

A hard-coded default password is a bad idea. It's the first thing a hacker checks, and a blank password is rejected not only on the server, but the web interface also explicitly rejects it. How exactly to disable the password is indicated in the comment.

liuch commented on June 7, 2024

Done: 84e2196

from dmarc-srg.
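
An added example, not dmarc-srg's code and not written by either commenter: one way to combine the points raised in this thread, where an empty password is always wrong, no default password ships, and the stored value is a salted hash instead of plaintext. The function names, the storage format and the PBKDF2 round count are assumptions made for this sketch, and the project's option to disable the password is not modelled.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example (PBKDF2-HMAC-SHA256).
PBKDF2_ROUNDS = 600_000


def hash_password(password):
    """Return 'pbkdf2_sha256$rounds$salt_hex$digest_hex' for storage in config or DB."""
    if password == "":
        # Never persist a blank password; this also rules out a blank default.
        raise ValueError("refusing to store an empty password")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def check_login(stored, supplied):
    """Fail closed: an unset or malformed stored value, or an empty supplied
    password, never authenticates."""
    if not stored or supplied == "":
        return False
    try:
        scheme, rounds, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", supplied.encode(), bytes.fromhex(salt_hex), int(rounds)
        )
    except (ValueError, OverflowError):
        # Wrong field count, bad hex, or an invalid round count.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)
```

With this shape, an installation that never set a password has nothing stored, so every login attempt is rejected until an administrator sets one.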
