DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Hardcoded password for MYSQL #518

Closed joaquinrinaudo-olx closed 6 years ago

joaquinrinaudo-olx commented 6 years ago

Hello,

When running docker now, the password is hardcoded by setup.bash to "Cu3zehoh7eegoogohdoh1the" if running docker-compose. Can we parametrize this MYSQL password via ENV MYSQL_PASSWORD as before? Same for the admin user default; before, it was set by DOJO_ADMIN_PASSWORD.

Sample Scan File (if applicable)

https://github.com/DefectDojo/django-DefectDojo/blob/master/setup.bash#L48

Regards,
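The parametrization requested above, sketched as an added example (not DefectDojo's own setup.bash): each secret is taken from the environment, a random value is generated when the variable is unset, and the value the issue reports as hardcoded is rejected. The function names `generate_secret`, `resolve_secret` and `load_dojo_secrets` and the 24-character default length are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example, not project code. Function names are hypothetical.

# Value the issue reports as hardcoded; treated here as a burned default.
KNOWN_DEFAULT='Cu3zehoh7eegoogohdoh1the'

# generate_secret [LENGTH]: print LENGTH random alphanumeric characters.
generate_secret() {
    local len="${1:-24}"
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# resolve_secret VAR_NAME [LENGTH]: print the value of the named environment
# variable if it is set and non-empty, otherwise a freshly generated secret.
# Returns 2 for an invalid variable name, 1 for the known hardcoded default.
resolve_secret() {
    local name="$1" len="${2:-24}" value
    # Only plain identifiers may reach eval below.
    case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name" >&2
            return 2 ;;
    esac
    eval "value=\${$name:-}"
    if [ "$value" = "$KNOWN_DEFAULT" ]; then
        echo "refusing known default value for $name" >&2
        return 1
    fi
    if [ -z "$value" ]; then
        value="$(generate_secret "$len")"
    fi
    printf '%s' "$value"
}

# load_dojo_secrets: resolve both variables named in the issue and export
# them so that docker-compose can substitute them into the service config.
load_dojo_secrets() {
    MYSQL_PASSWORD="$(resolve_secret MYSQL_PASSWORD)" || return 1
    DOJO_ADMIN_PASSWORD="$(resolve_secret DOJO_ADMIN_PASSWORD)" || return 1
    export MYSQL_PASSWORD DOJO_ADMIN_PASSWORD
}
```

A generated value exists only in the current shell, so it has to be stored in a secret store or a permission-restricted env file if the database volume outlives the session.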

joaquinrinaudo-olx commented 6 years ago

Duplicate of #504.

t3h2mas commented 6 years ago

@joaquinrinaudo-olx In that issue, I mentioned the hardcoded password, but my issue was specific to using a database outside of the DefectDojo environment, i.e., in a cloud provider.

It's my opinion that the two issues are separate and this could be reopened as a non-dup.

joaquinrinaudo-olx commented 6 years ago

If they would support databases outside DefectDojo, probably this issue would be addressed (at least for us) since we could use RDS or similar technologies, which probably means a non-hardcoded password.