search

SamuelTallet / MongoDB-PHP-GUI

Open-source graphical interface for MongoDB database. Written in PHP, JavaScript, HTML & CSS.
142 stars 33 forks source link

Login fields configurable via env vars #9

Closed cbakersdl closed 3 years ago

cbakersdl commented 3 years ago

For automated deployments it is desirable to pre-populate the login fields for user, host, port, database so these do not have to be looked up by the operator every time they need to login.

SamuelTallet commented 3 years ago

Thanks for idea. But I think it's dangerous to pre-populate the login fields via env vars, because if GUI URL is exposed at a moment, an attacker could take advantage of these. Using localStorage may be more secure...

pampatzoglou commented 2 years ago

being able to set up any app through the usage of environmental variables is the standard way to do so. This is in accordance with the 12-factor app guidelines as well as how most if not all cloud-native apps operate. I would love to see this in this project. As for the pre-populate part, this can be mitigated in multiple ways. For example, perform the auto-connect only if all the required variables are set (user, password, db, host, port). Please reconsider while keeping in mind that proper credential handling is the responsibility of the ops team that uses the service.