quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

Docs: security-jdbc guide and security-jdbc-quickstart #37682

Open jcarranzan opened 7 months ago

jcarranzan commented 7 months ago

Describe the bug

I went through https://quarkus.io/version/main/guides/security-jdbc and found the following issues:

  1. In the "Configuring the Application" section, a clear-text password is used in the SQL INSERT statements of the import script. There is a note reminding us not to store clear-text passwords in production environments. Additionally, it is mentioned that elytron-security-jdbc offers a built-in bcrypt password mapper. However, it would be great to show how to implement this, or to link to another source demonstrating the process.
  2. It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.
  3. It seems the quickstart example has some updates and slight differences from the example in the guide; for instance, the SQL script (https://github.com/quarkusio/quarkus-quickstarts/blob/main/security-jdbc-quickstart/import.sql) has these added lines:

     ```sql
     CREATE ROLE quarkus WITH LOGIN PASSWORD 'quarkus';
     CREATE DATABASE elytron_security_jdbc;
     GRANT ALL PRIVILEGES ON DATABASE elytron_security_jdbc TO quarkus;
     \c elytron_security_jdbc
     ```

     and the docker-compose.yml to start the database (as I mentioned in point 2).

Expected behavior

No response

Actual behavior

No response

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
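The first point of the issue is the gap between the clear-text seed data the guide ships and the bcrypt mapper it only mentions. As an added example that is not part of this issue, the guide or the quickstart, here is an application.properties that puts the weak mapper beside the bcrypt one. The `quarkus.security.jdbc.principal-query.*` property names follow the quarkus-elytron-security-jdbc extension's configuration as I recall it from the guide; the table name `test_user`, the column layout for the bcrypt variant (separate hash, salt and iteration-count columns) and both SELECT statements are assumptions and should be checked against the extension's configuration reference before use.

```properties
# Datasource shared by both variants. With no quarkus.datasource.jdbc.url set,
# Dev Services starts a PostgreSQL container in dev and test mode, which is why
# the guide never asks the reader to start a database by hand.
quarkus.datasource.db-kind=postgresql
quarkus.security.jdbc.enabled=true

# --- Variant 1: clear-text passwords (what the guide's import.sql seeds) ---
# Acceptable for a local walkthrough, never for production: anyone who can read
# the table (a backup, a leaked dump, an injection elsewhere in the app) holds
# every user's credential directly.
# Column indexes are 1-based positions in the SELECT.
quarkus.security.jdbc.principal-query.sql=SELECT u.password, u.role FROM test_user u WHERE u.username=?
quarkus.security.jdbc.principal-query.clear-password-mapper.enabled=true
quarkus.security.jdbc.principal-query.clear-password-mapper.password-index=1
quarkus.security.jdbc.principal-query.attribute-mappings.0.index=2
quarkus.security.jdbc.principal-query.attribute-mappings.0.to=groups

# --- Variant 2: bcrypt password mapper (assumed columns: password, salt, iteration_count, role) ---
# Comment out the clear-password-mapper lines above and enable these instead.
# The stored hash and salt are the raw bcrypt bytes in the encoding declared by
# hash-encoding / salt-encoding, and iteration_count is the bcrypt cost factor.
# The seed hashes must have been produced with exactly that salt, cost and
# encoding; a mismatch makes every login fail closed rather than open.
#quarkus.security.jdbc.principal-query.sql=SELECT u.password, u.salt, u.iteration_count, u.role FROM test_user u WHERE u.username=?
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.enabled=true
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.password-index=1
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.hash-encoding=BASE64
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.salt-index=2
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.salt-encoding=BASE64
#quarkus.security.jdbc.principal-query.bcrypt-password-mapper.iteration-count-index=3
#quarkus.security.jdbc.principal-query.attribute-mappings.0.index=4
#quarkus.security.jdbc.principal-query.attribute-mappings.0.to=groups
```

One check worth doing when switching variants: after enabling the bcrypt mapper, a login with the old clear-text value must be rejected and a login with the password the seed hash was derived from must succeed. If both fail, the encoding or cost in the table does not match the mapper settings; if both succeed, the clear-password-mapper lines were never disabled.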

quarkus-bot[bot] commented 7 months ago

/cc @sberyozkin (security)

jcarranzan commented 7 months ago

Also, area/documentation

michalvavrik commented 7 months ago

> In the "Configuring the Application" section, a clear-text password is used in the INSERTS command SQL script. There is a note reminding us not to store clear-text passwords in production environments. Additionally, it is mentioned that the elytron-security-jdbc offers a built-in bcrypt password mapper. However, it would be great to show how to implement this or link to another source demonstrating the process.

There is an example https://es.quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity and this guide is linked from the guide you reviewed.

> It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.

That's Quarkus's job; starting the database would lower the user experience. No action is required.

jcarranzan commented 7 months ago

From my point of view, placing the link you mention (https://quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity) right where security is discussed with the built-in bcrypt password assigner would be appropriate.

michalvavrik commented 7 months ago

> From my point of view, placing the link you mention (https://quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity) right where security is discussed with the built-in bcrypt password assigner would be appropriate.

Sure, I agree, please create PR and place link there. Thanks!

michalvavrik commented 7 months ago

> It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.

Database is started by Dev Services for PostgreSQL in case of this quickstart.

jcarranzan commented 7 months ago

> > It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.
>
> Database is started by Dev Services for PostgreSQL in case of this quickstart.

OK, that is in the quickstart example, but not when following the guide's steps from scratch; because of that I've edited it in the description of the bug.

michalvavrik commented 7 months ago

> > > It would be beneficial to mention in the "Testing Application" section how to start the database. For example, using a docker-compose YAML file and then executing docker-compose up would be a helpful addition.
> >
> > Database is started by Dev Services for PostgreSQL in case of this quickstart.
>
> OK, that is in the quickstart example, but not when following the guide's steps from scratch; because of that I've edited it in the description of the bug.

thanks

jcarranzan commented 7 months ago

> > From my point of view, placing the link you mention (https://quarkus.io/guides/security-getting-started-tutorial#define-the-user-entity) right where security is discussed with the built-in bcrypt password assigner would be appropriate.
>
> Sure, I agree, please create PR and place link there. Thanks!

PR created https://github.com/quarkusio/quarkus/pull/37771