Open jcarranzan opened 7 months ago
/cc @sberyozkin (security)
Also, area/documentation
In the "Configuring the Application" section, a clear-text password is used in the INSERTS command SQL script. There is a note reminding us not to store clear-text passwords in production environments. Additionally, it is mentioned that the elytron-security-jdbc offers a built-in bcrypt password mapper. However, it would be great to show how to implement this or link to another source demonstrating the process.
There is an example https://es.quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity and this guide is linked from the guide you reviewed.
It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.
That's Quarkus's job; starting the database would lower the user experience. No action is required.
From my point of view, placing the link you mention (https://quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity) right where security is discussed with the built-in bcrypt password assigner would be appropriate.
Sure, I agree, please create a PR and place the link there. Thanks!
The database is started by Dev Services for PostgreSQL in the case of this quickstart.
OK, that is in the quickstart example, but not when following the guide doc steps from scratch; because of that, I've edited it in the description of the bug.
thanks
Describe the bug
I went through https://quarkus.io/version/main/guides/security-jdbc and found the following issues:
```sql
CREATE ROLE quarkus WITH LOGIN PASSWORD 'quarkus';
CREATE DATABASE elytron_security_jdbc;
GRANT ALL PRIVILEGES ON DATABASE elytron_security_jdbc TO quarkus;
\c elytron_security_jdbc
```
and the docker-compose.yml to start the database (as I mentioned in the point 2)
Expected behavior
No response
Actual behavior
No response
How to Reproduce?
No response
Output of uname -a or ver
No response
Output of java -version
No response
Quarkus version or git rev
No response
Build tool (ie. output of mvnw --version or gradlew --version)
No response
Additional information
No response
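The switch raised in point 1, from the clear-text mapper to the built-in bcrypt password mapper of elytron-security-jdbc, as an added configuration example that is not part of the issue or of the guide. The table and column names (test_user, username, password, role) are assumptions.

```properties
# Added example. Assumed schema (not from this page):
#   test_user(username, password, role)
quarkus.security.jdbc.enabled=true
quarkus.security.jdbc.principal-query.sql=SELECT u.password, u.role FROM test_user u WHERE u.username=?

# Weak setting: column 1 of the query result is compared as a clear-text password.
# quarkus.security.jdbc.principal-query.clear-password-mapper.enabled=true
# quarkus.security.jdbc.principal-query.clear-password-mapper.password-index=1

# Corrected setting: column 1 holds a bcrypt hash, so a database leak
# does not directly expose user passwords.
quarkus.security.jdbc.principal-query.clear-password-mapper.enabled=false
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.enabled=true
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.password-index=1
# -1 means salt and iteration count are embedded in the password column
# itself (Modular Crypt Format) rather than stored in separate columns.
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.salt-index=-1
quarkus.security.jdbc.principal-query.bcrypt-password-mapper.iteration-count-index=-1

# Column 2 of the query result is mapped to the user's roles.
quarkus.security.jdbc.principal-query.attribute-mappings.0.index=2
quarkus.security.jdbc.principal-query.attribute-mappings.0.to=groups
```

The INSERT statements in the import script then need to store a bcrypt hash instead of the clear-text value; one way to produce it is `BcryptUtil.bcryptHash(...)` from `io.quarkus.elytron.security.common`.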