evolvedbinary / fusiondb-server

FusionDB Server
https://www.fusiondb.com

Admin password blank by default, must be proactively set #2

Open IanDavey opened 5 years ago

IanDavey commented 5 years ago

The admin password has to be set manually in the user manager upon a fresh install, otherwise it is blank. This encourages bad security practice among DBAs and could increase the likelihood and severity of breaches if deployed at scale.

Possible solution: screen at setup similar to eXist's for setting the admin password.

adamretter commented 5 years ago

Hi @IanDavey, thanks for your issue report. I agree that having a default empty password is not great.

There are some platforms (Linux/Unix) where the installation is unattended as we install a .deb or .rpm package. Ideally I would like a similar mechanism for setting an initial password on all platforms.

I have been thinking about having an initial configuration webpage which is shown after the database is installed. It would show this after installation, and require you to set a password and maybe a couple other things, before starting the server properly for the first time.

How does that sound?

IanDavey commented 5 years ago

Similar to the current page that lets you select VM properties? That sounds good to me.

adamretter commented 5 years ago

@IanDavey The current VM properties stuff on Windows is a JavaFX panel which is launched from the system tray. This would instead be a webpage which you see the first time you visit http://localhost:4059

adamretter commented 5 years ago

I have scheduled this for Alpha 3 - https://github.com/evolvedbinary/fusiondb-server/wiki/Road-Map