GreptimeTeam / dashboard

The dashboard UI for GreptimeDB
Apache License 2.0

bad practice storing the plaintext password locally #430

Open Zercerium opened 5 months ago

Zercerium commented 5 months ago

At the moment the password is stored in plaintext (locally). I can reload the page and then toggle the password visible again. Instead of this, after a login a session token should be returned for verification (imo). At least the password shouldn't be stored in plaintext in local storage; this is definitely a bad practice.

Best regards, thanks for your work

ZonaHex commented 4 months ago

Hello again! Thanks for your insights. This dashboard is mainly used as a web platform for the service of our standalone GreptimeDB. The username and password are used as HTTP authorization headers for the GreptimeDB HTTP API. Related dashboard code is here. The basic auth would be passed to the API every time. Your opinion is absolutely right. I'll look into this and find a safer solution to store the password. You are more than welcome to share other thoughts if you want :) Best regards.
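The flow ZonaHex describes (username and password turned into a Basic `Authorization` header on every request, with the credentials kept client-side) as an added example that is not code from the GreptimeTeam/dashboard repository. It puts the pattern the issue objects to, plaintext credentials written to `localStorage` and readable again after a reload, next to a store that keeps only the header in memory for the lifetime of the page. `FakeStorage` is a constructed stand-in for `window.localStorage` with the same `getItem`/`setItem`/`removeItem`/`key`/`length` surface so the example runs under Node; the class and function names are the example's own, not the dashboard's.

```javascript
// Added example, not GreptimeTeam/dashboard code. FakeStorage is a
// constructed stand-in for window.localStorage so this runs under Node.
class FakeStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(String(k)) ? this.map.get(String(k)) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(String(k)); }
}

// HTTP Basic credentials as RFC 7617 defines them: "Basic " + base64("user:pass").
// base64 is an encoding, not encryption: whoever holds this header holds the password.
function basicAuthHeader(username, password) {
  if (username.includes(':')) throw new Error('user-id must not contain ":"');
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Everything a same-origin script, a browser extension with storage access,
// or anyone holding the browser profile can read back out of a Storage object.
function dumpStorage(storage) {
  const out = {};
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    out[k] = storage.getItem(k);
  }
  return out;
}

// Weak pattern (what the issue reports): credentials persisted as plaintext.
// A new instance over the same storage, which is what a page reload amounts
// to, gets the password back and can show it in a "toggle visible" control.
class PersistentCredentialStore {
  constructor(storage) { this.storage = storage; }
  login(username, password) {
    this.storage.setItem('username', username);
    this.storage.setItem('password', password);
  }
  authHeader() {
    const u = this.storage.getItem('username');
    const p = this.storage.getItem('password');
    return u === null || p === null ? null : basicAuthHeader(u, p);
  }
  revealPassword() { return this.storage.getItem('password'); }
  logout() {
    this.storage.removeItem('username');
    this.storage.removeItem('password');
  }
}

// Hardened pattern: only the header lives in memory, and only for this page
// instance. Nothing is written to Storage, so a reload yields an empty store,
// there is no plaintext for the UI to reveal, and the user logs in again.
class InMemoryCredentialStore {
  #header = null;
  login(username, password) { this.#header = basicAuthHeader(username, password); }
  authHeader() { return this.#header; }
  logout() { this.#header = null; }
}

// Headers for one API call, the way the dashboard attaches Basic auth to
// every request to the GreptimeDB HTTP API. Throws instead of sending an
// unauthenticated request when the store is empty (e.g. right after a reload).
function authHeadersFor(store, extraHeaders = {}) {
  const header = store.authHeader();
  if (header === null) throw new Error('not logged in');
  return { ...extraHeaders, Authorization: header };
}

// Stand-alone walk-through; the values returned are what a reload exposes.
function demo() {
  const ls = new FakeStorage();                 // plays window.localStorage
  const weak = new PersistentCredentialStore(ls);
  weak.login('greptime', 'hunter2');            // constructed sample credentials
  const weakAfterReload = new PersistentCredentialStore(ls);

  const mem = new InMemoryCredentialStore();
  mem.login('greptime', 'hunter2');
  const memAfterReload = new InMemoryCredentialStore();

  return {
    onDisk: dumpStorage(ls),                                  // plaintext password
    weakReveal: weakAfterReload.revealPassword(),             // 'hunter2'
    memReveal: memAfterReload.authHeader(),                   // null: must log in again
    header: authHeadersFor(mem, { 'Content-Type': 'application/json' }).Authorization,
  };
}

console.log(demo());
```

The in-memory store is what a pure client-side app can do on its own: the credential is still needed on every request, so it has to live somewhere, but a per-page JavaScript variable is not readable across reloads or from the on-disk profile. Moving to the session token the issue asks for would need the server side to issue and verify one, which this thread does not describe, so it is not shown here.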