sasanrose / phpredmin

Yet another web interface for Redis
BSD 3-Clause "New" or "Revised" License

Automatic hashing password #96

Open MikyWoW opened 5 years ago

MikyWoW commented 5 years ago

There should be a password in plain text in docker-compose.yml. Using a hash is inconvenient.

environment:
            - PHPREDMIN_AUTH_USERNAME=UserName
            - PHPREDMIN_AUTH_PASSWORD=PlainPassword

You can hash it and save it somewhere on the first run, in index.php:

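$hash = GetHash();   // GetHash()/SaveHash(): storage helpers, not defined in this comment
if (!$hash) {
    // First run: no stored hash yet, so derive one from the environment variable
    $pwd = getenv('PHPREDMIN_AUTH_PASSWORD');
    $hash = password_hash($pwd, PASSWORD_DEFAULT);
    SaveHash($hash);
}
// login method

luongvm commented 5 years ago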

Tbh, that could work, because I suppose that's a safe place and it can't leak; also, you still have the option to inject secret variables in CI/CD. And you don't have to try to save it on the first run; hash it and store it while building your Docker images instead.
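
The first-run approach discussed in this thread, written out as an added example; it is not phpredmin's code and not code from either commenter. The functions getHash(), saveHash(), bootstrapHash(), checkLogin() and the HASH_FILE path are hypothetical; only PHPREDMIN_AUTH_PASSWORD comes from the issue.

```php
<?php
// Hypothetical path for the stored hash; not a phpredmin path.
const HASH_FILE = '/var/lib/phpredmin-example/auth.hash';

// Return the stored hash, or null when none has been saved yet.
function getHash(string $file = HASH_FILE): ?string
{
    if (!is_file($file)) {
        return null;
    }
    $hash = trim((string) file_get_contents($file));
    // Anything that is not a password_hash() string counts as absent.
    return password_get_info($hash)['algoName'] !== 'unknown' ? $hash : null;
}

// Write the hash through a temp file created with owner-only permissions.
function saveHash(string $hash, string $file = HASH_FILE): void
{
    $tmp = $file . '.' . bin2hex(random_bytes(4)) . '.tmp';
    $old = umask(0077); // new files are created 0600
    $ok = file_put_contents($tmp, $hash . "\n") !== false && rename($tmp, $file);
    umask($old);
    if (!$ok) {
        throw new RuntimeException("cannot store hash in $file");
    }
}

// First run: hash PHPREDMIN_AUTH_PASSWORD and persist it. Later runs reuse the file.
function bootstrapHash(string $file = HASH_FILE): string
{
    $hash = getHash($file);
    if ($hash === null) {
        $pwd = getenv('PHPREDMIN_AUTH_PASSWORD');
        if ($pwd === false || $pwd === '') {
            // An empty value would produce a login that accepts "".
            throw new RuntimeException('PHPREDMIN_AUTH_PASSWORD is not set');
        }
        $hash = password_hash($pwd, PASSWORD_DEFAULT);
        saveHash($hash, $file);
    }
    return $hash;
}

// Login check against the stored hash; password_verify() compares in constant time.
function checkLogin(string $submitted, string $file = HASH_FILE): bool
{
    return password_verify($submitted, bootstrapHash($file));
}
```

Once the hash file exists, a changed PHPREDMIN_AUTH_PASSWORD is ignored until the file is removed, and the plaintext value remains readable in the container's environment and in docker-compose.yml.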