Re: Default admin password for a webapp



Xavier Luthi <xavier@caroxav.be> writes:

> I'm currently packaging pixelpost (ITP #470214) which is a photoblog
> application written in php and using mysql. The installation process
> requires creating an 'admin' account in the database with, of
> course, a password.

Apparently based on the assumption that the installation will in all
cases be monitored by a person babysitting the installation process.

> My question is: what do you think is the best solution to set this
> password?

Since the above assumption is not necessarily true on a Debian system,
and (as you point out) a debconf query for the password might not be
answered at install time, you should have the package installed such
that it allows *no* access until the password is chosen by the
administrator.

> One solution, the easiest from the package development point of view,
> is to set a default password documented in the README.Debian. Of
> course, this is not beautiful and can be a security issue,
> especially if the user doesn't change it immediately...

I would modify "can be" to "is definitely" a security issue. Don't do
that. Installing applications with default passwords is not a valid
approach for a 21st century package.

Instead, in the absence of explicitly choosing a password, the
application should be installed such that it will deny authentication
until such a password is explicitly chosen.

-- 
 \           "I got a postcard from my best friend, it was a satellite |
  `\      picture of the entire Earth. On the back he wrote, 'Wish you |
_o__)                                   were here'."  -- Steven Wright |
Ben Finney
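
The deny-until-chosen install state recommended in the message above, as an added example that is not part of the original e-mail and is not pixelpost or Debian code. The function names, the `pbkdf2$` record format, the `!` locked marker (borrowed from the /etc/shadow convention) and the in-memory `store` dict standing in for the application's user table are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

LOCKED = "!"          # hypothetical marker: a stored value no password can match
ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example


def hash_password(password):
    """Return a salted PBKDF2 record; an empty password is rejected."""
    if not password:
        raise ValueError("empty password is not allowed")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$%s$%s" % (salt.hex(), digest.hex())


def install_admin(store, password=None):
    """Install step: create 'admin', locked unless a password was supplied.

    password=None models an unattended install where the debconf
    question was never answered.
    """
    store["admin"] = hash_password(password) if password else LOCKED


def set_admin_password(store, password):
    """Run later by the administrator to unlock the account."""
    store["admin"] = hash_password(password)


def verify(store, user, password):
    """Fail closed: unknown users, locked or malformed records all deny."""
    record = store.get(user, LOCKED)
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "pbkdf2":
        return False
    try:
        salt, expected = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)
```
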

