Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-28704

Don't have a default admin password

    XMLWordPrintable

    Details

      Description

      In legacy you have to enter an admin password during the setup wizard. In eZ Platform there is no such wizard, and the composer scripts do not ask for this either. So if you don't remember to change the admin password, you end up with a very well known one.

      Suggested alternatives:

      1. Add admin password creation to the scripts running during composer install, and/or to the backend UI login, if it detects that the admin password is not changed.
      2. Detect when the admin password is not changed, and display a big fat warning in admin until it's changed. Possibly also in composer commands.
      3. Publish a go-live checklist with important info like this.
      4. Use our password notification/expiry feature such that the admin password by default expires shortly after install, e.g. notification in 1 day, expiry in 1 week 🏆

      1 and 2 can be combined, so that if you enter the currently default password during install, it will not be accepted or a warning is shown. However option 4 basically does this for us without having to add new features.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            gunnstein.lye@ez.no Gunnstein Lye
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: