Add a mechanism that creates a user with default credentials, the password for which can be set with an environment variable. If the envar is not set, no user is created, or if one exists already, it is deleted.
The need for this came up when creating a new database from scratch: If there's no user in the database to login as, then we can't access the feature to add a new user, and are thus permanently logged out of the platform, barring some manual database queries.
I don't think this opens up any new attack vectors (if someone has access to setting the environment variables of the runtime environment then we are pretty screwed already), but let me know if you think otherwise.
Add a mechanism that creates a user with default credentials, the password for which can be set with an environment variable. If the envar is not set, no user is created, or if one exists already, it is deleted.
The need for this came up when creating a new database from scratch: If there's no user in the database to login as, then we can't access the feature to add a new user, and are thus permanently logged out of the platform, barring some manual database queries.
I don't think this opens up any new attack vectors (if someone has access to setting the environment variables of the runtime environment then we are pretty screwed already), but let me know if you think otherwise.