daniloriso / premotedroid

Automatically exported from code.google.com/p/premotedroid

Default password set. Should ask for password on install. #13

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install the server
2. Install the client
3. Password is there already. Set to "azerty"

What is the expected output? What do you see instead?
Prompt for password.

What version of the product are you using? On what operating system?
The most recent one.

Please provide any additional information below.

Original issue reported on code.google.com by fuut...@gmail.com on 6 Mar 2010 at 7:58

GoogleCodeExporter commented 9 years ago
Detecting "on install" is not easy.
I prefer to set a default password at the moment.

Original comment by pierredu...@gmail.com on 7 Mar 2010 at 6:42

GoogleCodeExporter commented 9 years ago
Hi,
from the usability point of view I don't see any improvement. It will be a barrier for normal (BFU) users.
Security? It is not such a huge issue in this case, is it?

IMHO this should be closed.

Do you have any arguments, fuutott?

Original comment by milan.jaros on 5 May 2010 at 6:24

GoogleCodeExporter commented 9 years ago
Would it be possible to generate a password on first run, and save it to the registry?

Would you like your accountant to have this installed so someone could browse around their PC? Or your bank manager?

With a default password this should be considered a backdoor/trojan horse.

Original comment by fuut...@gmail.com on 5 May 2010 at 7:05

GoogleCodeExporter commented 9 years ago
Hmmm.
Ad generate pass) I don't think this is easy to implement. Maybe there could be a first connection with some default password or without, and then server and client could talk about the password they will use (three-way handshake).

I'm not sure about the examples you provided. I'll think about it and share my point of view then.
You can install that soft to your accountant/manager/etc. and set the password.

It is not easy to store this password safely. Note the server is multi-platform.

Thank you for your comments. ;)

I'm looking forward to next dialogue,
Milan

Original comment by milan.jaros on 5 May 2010 at 7:37

GoogleCodeExporter commented 9 years ago
I agree that a default password is a security concern.

Both ideas, I believe, could work:
1. On app first run, require a 'default' password to be entered. On server install, require a 'default' password to be entered.

2. Keep the default password as it is, force the client/server to determine (on their own) a new password that is unique to the hardware/network/connection being used... then keep all of the rest the same for setting a new password, and creating a profile.

Very much interested in this being implemented.

Original comment by dusth...@gmail.com on 16 Jul 2010 at 3:31
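
The "generate a password on first run" idea from this thread, sketched as an added example that is not part of the original issue or the project's own code. The function names, the config file location and the 12-character length are assumptions; a per-user file is used instead of the registry so the same logic works on every platform the server runs on.

```python
import os
import secrets
import stat
import string
from pathlib import Path

# The shipped default reported in this issue; a stored value equal to it is replaced.
KNOWN_DEFAULT = "azerty"
ALPHABET = string.ascii_letters + string.digits
# Hypothetical location, chosen for this example only.
DEFAULT_PATH = Path.home() / ".premotedroid-example" / "password"


def generate_password(length=12):
    """Return a random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def load_or_create_password(path=DEFAULT_PATH):
    """Return (password, created); a new password is generated only when
    no usable one is stored (first run, empty file, or the known default)."""
    if path.exists():
        stored = path.read_text(encoding="utf-8").strip()
        if stored and stored != KNOWN_DEFAULT:
            return stored, False
    password = generate_password()
    path.parent.mkdir(parents=True, exist_ok=True)
    # Write to a temporary file created owner-only, then rename it into
    # place so a crash never leaves a half-written password file.
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(password + "\n")
    # On POSIX this enforces rw------- even if a stale temp file existed.
    # On Windows os.chmod only toggles the read-only flag, so protection
    # there depends on the ACLs of the user's profile directory.
    os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)
    os.replace(tmp, path)
    return password, True


if __name__ == "__main__":
    pw, created = load_or_create_password()
    if created:
        # Shown once so the user can type it into the client.
        print("Generated server password:", pw)
    else:
        print("Using stored server password.")
```
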