Prohibiting Default Username and Password Logins. #6396
Labels
task: help-wanted
Extra attention is needed
Comments
|
I'm interested in this issue. Could you provide more information? |
|
Right now, the Seata console uses a username and password for login, with the default being seata/seata. A lot of users don’t change these default credentials in the config files when setting things up, and then deploy it to public-facing environments. This leaves the door wide open for unauthorized folks to log in with the default info and snoop around. Here’s the fix we’re thinking: Add an interactive script or setup wizard during installation that forces users to either input or auto-generate their own username, password, and secret key on first launch. That way, there’s no default sensitive info hanging around, and the system stays way more secure. |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After the initial setup of the console, the first login should redirect to a page for initializing the account and password, where data or configuration can be persisted. Subsequently, due to security concerns, the login using default accounts and passwords should be disabled.
The text was updated successfully, but these errors were encountered: