Closed 99MengXin closed 1 year ago
Hi @99MengXin, thanks for the PR.
One thing I don't want is to force users (especially me) to have to log in all of the time. Would this code change make that happen, or is there a clever way that we can work around it? (e.g., if the USER and PASSWORD are missing from the .env file, don't require a login.) Or, does this merely need to be documented somewhere on the WIKI?
Cheers!
Hi @jzohrab,
Got it, thanks. So, what should I do with this info? I wonder if I should just put a note in the wiki, with some comments in the .env.example* files. I don't want to make this the default behaviour for the app, I know that I'll find it annoying. :-)
If you're OK with just wiki, that's super. There might be other possibilities (e.g., a special "APP_ENV=secure" or something in the .env file, and then mucking around with the configuration .yml file, per notes in https://symfony.com/doc/current/configuration.html), but I'm not sure if it will work out.
I'm OK with wiki, just let people know there is a way to secure it.
Users can follow this instruction and add the feature by themselves.
Thanks very much @99MengXin for getting this started. I simplified the file a bit and committed it to the develop branch, and added notes to the wiki about config (https://github.com/jzohrab/lute/wiki/Security). I'll use this for a bit and see how it goes, and will try it out again when I make release 2.0.1. Thanks!
Is your feature request related to a problem? Please describe.
For people who want to have a simple login feature.
! important ! It can only stop regular people from messing up your database, b/c the password is plaintext. Maybe someone can help me to set/hash the password. For now, it's fine for me.
Describe the solution you'd like
Just use HTTP Basic Authentication.
Add below lines in the .env file and change USERNAME as well as PASSWORD, both default values are lute
Replace all content in ./config/packages/security.yaml as below

    when@test:
        security:
            password_hashers:
                # By default, password hashers are resource intensive and take time. This is
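
The issue above notes that the password is kept in plaintext and asks how to hash it. One way to do that with Symfony's in-memory user provider, as an added example that is not the PR's or Lute's own configuration: it assumes Symfony 5.3 or later, and the provider name, realm and placeholder hash are illustrative.

```yaml
# config/packages/security.yaml
# Added example: HTTP Basic login where only a password hash is stored.
security:
    password_hashers:
        # Weak setting (compares the password exactly as written in the config):
        # Symfony\Component\Security\Core\User\InMemoryUser: plaintext
        # Corrected setting: let Symfony pick a current hashing algorithm.
        Symfony\Component\Security\Core\User\InMemoryUser: 'auto'

    providers:
        lute_users:                 # hypothetical provider name
            memory:
                users:
                    # "lute" is the default username mentioned in the issue.
                    lute:
                        # Generate this value with:
                        #   php bin/console security:hash-password
                        # and paste the resulting hash here (placeholder below).
                        password: 'REPLACE_WITH_GENERATED_HASH'
                        roles: ['ROLE_USER']

    firewalls:
        main:
            provider: lute_users
            http_basic:
                realm: 'Lute'       # illustrative realm shown in the browser prompt

    access_control:
        # Require a logged-in user for every path.
        - { path: ^/, roles: ROLE_USER }
```

Hashing protects the stored secret only. HTTP Basic sends the username and password base64-encoded with every request, so the site needs to be served over TLS for the credentials to be protected in transit.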