I think having a default password in the .env is a risk as users may forget to change that and then their instance will be compromised. I think it would be better to have it missing and then let the system break, which would force users to set something locally.
I think having a default password in the .env is a risk as users may forget to change that and then their instance will be compromised. I think it would be better to have it missing and then let the system break, which would force users to set something locally.