DOMjudge / domjudge

DOMjudge programming contest jury system
https://www.domjudge.org
GNU General Public License v2.0

Generate/change initial admin password #430

Closed eldering closed 5 years ago

eldering commented 6 years ago

Currently a new install comes with credentials admin/admin. This is prone to lead to security issues when someone forgets to change it. We should either generate a random password during installation or force the password to be changed on first login.

meisterT commented 6 years ago

This is mitigated by https://github.com/DOMjudge/domjudge/commit/5f18d2cf8275fe96f51655171317a8479313b4f4 and https://github.com/DOMjudge/domjudge/commit/815c01967b0af0641c5d022507d485229c8dba8e

thijskh commented 5 years ago

815c019 is not a good permanent thing to have since it verifies all admin passwords (an expensive operation) on every index page view. So when fixed properly, this check should be removed.

thijskh commented 5 years ago

How about: a new user flag, bool password_must_change. When set, a user is prompted post-login for a mandatory password change before they can do anything. We obviously set this flag when creating the default admin user.

thijskh commented 5 years ago

How about: the install scripts generate a random password for the admin user and dump it somewhere on the filesystem.

meisterT commented 5 years ago

Both options sound ok to me. The second is probably easier to implement.

eldering commented 5 years ago

I'd prefer the second, simpler solution.
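The "second, simpler solution" the thread settles on, as an added example and not DOMjudge's own install code: draw the initial admin password from the kernel CSPRNG and write it to a file that is owner-readable only from the moment it is created. The output path, password length and character set are assumptions.

```shell
#!/bin/sh
# Added example (not from the DOMjudge project): generate a random initial
# admin password at install time and store it on the filesystem with 0600
# permissions. File path and length below are assumptions.

# Print a random alphanumeric password of the requested length (default 20).
# Reads /dev/urandom (the kernel CSPRNG) instead of $RANDOM or the clock,
# which are predictable. LC_ALL=C makes tr work on raw bytes.
gen_password() {
    len="${1:-20}"
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

# Store password $1 in file $2 (default ./initial_admin_password.secret).
# The umask is set in a subshell before the redirection creates the file, so
# there is no window in which the file exists world-readable before a later
# chmod. Prints the resulting octal mode so the caller can verify it.
store_password() {
    pw="$1"
    out="${2:-./initial_admin_password.secret}"
    (umask 077 && printf '%s\n' "$pw" > "$out") || return 1
    chmod 600 "$out"   # belt and braces if the file already existed
    # GNU stat first, BSD stat as fallback.
    stat -c '%a' "$out" 2>/dev/null || stat -f '%Lp' "$out"
}

# Typical install-time use: generate, store, and tell the operator where the
# credential is, so it can be read once and then removed.
install_admin_password() {
    out="${1:-./initial_admin_password.secret}"
    pw="$(gen_password 20)"
    mode="$(store_password "$pw" "$out")" || return 1
    echo "initial admin password written to $out (mode $mode); delete it after first login" >&2
}
```

After the admin has logged in and changed the password, the file no longer serves a purpose and should be removed, otherwise it becomes a second copy of a credential that is now stale or, worse, still valid.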