clarin-eric / LRSwitchboard

DEPRECATED - Please see https://github.com/clarin-eric/switchboard for latest version - Code Repository for the Language Resources Switchboard of CLARIN

Nextcloud production credentials hardcoded and compromised #59

Closed andmor- closed 5 years ago

andmor- commented 5 years ago

The production credentials for the Nextcloud account used by the switchboard are hardcoded and part of this repository:

https://github.com/clarin-eric/LRSwitchboard/blob/5acc1948551d2747490597d4b43b8af46cb26ac8/webpack.config.js#L118

This must be changed so we can make this repository public.

To solve this issue I propose that we:

  1. As soon as possible, manually change the credentials in the currently running instances, on the Nextcloud side and on the Switchboard side. (This repository was already public and the credentials have leaked to multiple places.)
  2. Replace the credentials used in the committed code by dummy ones, (ideally) by something easy to replace automatically at boot time, like `<user>` `<password>` or `$user` `$password`. This will make it easy to supply different credentials in the different deployed instances when starting them. On the deployment machine we can then have a file containing the real credentials and replace them automatically.
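The boot-time substitution proposed in step 2, as an added example that is not part of the original issue or of the LRSwitchboard code. The `NEXTCLOUD_*` key names, the KEY=VALUE credentials file format and the sample template are assumptions; only the `$user` / `$password` placeholder names come from the issue.

```javascript
// Added example; placeholder names follow the issue's "$user $password".
// Key names, file format and sample values are assumptions, not project code.
const PLACEHOLDERS = { user: 'NEXTCLOUD_USER', password: 'NEXTCLOUD_PASSWORD' };

// Parse the deployment machine's credentials file (KEY=VALUE per line).
function parseCredentials(text) {
  const creds = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    // Error text never echoes the line: it may hold a secret.
    if (eq < 1) throw new Error('malformed line in credentials file');
    // Split on the first "=" only, since passwords may contain "=".
    creds[line.slice(0, eq).trim()] = line.slice(eq + 1);
  }
  return creds;
}

// Substitute placeholders in the committed config text; fail closed.
function renderConfig(template, creds) {
  const seen = new Set();
  // One pass with a function replacer: substituted values are never
  // rescanned, and "$&" or "$1" inside a password is not expanded.
  const out = template.replace(/\$(user|password)\b/g, (match, name) => {
    const value = creds[PLACEHOLDERS[name]];
    if (typeof value !== 'string' || value === '') {
      throw new Error('missing credential ' + PLACEHOLDERS[name]);
    }
    seen.add(name);
    return JSON.stringify(value); // quoted, escaped string literal
  });
  for (const name of Object.keys(PLACEHOLDERS)) {
    // A template without placeholders may still carry a hardcoded secret.
    if (!seen.has(name)) throw new Error('template has no $' + name + ' placeholder');
  }
  return out;
}

// Constructed sample input (not real credentials).
const SAMPLE_TEMPLATE = '{ "user": $user, "password": $password }';
const SAMPLE_CREDS_FILE =
  '# service account\nNEXTCLOUD_USER=svc-demo\nNEXTCLOUD_PASSWORD=a$&b="c"\\d\n';

console.log(renderConfig(SAMPLE_TEMPLATE, parseCredentials(SAMPLE_CREDS_FILE)));
```

On a real deployment the credentials text would be read from a file that only the service account can read, and the rendered config would be written outside the repository checkout so it cannot be committed.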

claus-zinn commented 5 years ago

Issue resolved.