Closed TelDragon closed 1 year ago
tobiasbrunner
commented
1 year ago What do you mean with "management interface"?
but can the account be modified?
Modified how?
Because if the management address is exposed to the public network, there will be a great risk.
So lock it down then.
TelDragon
commented
1 year ago What do you mean with "management interface"?
but can the account be modified?
Modified how?
Because if the management address is exposed to the public network, there will be a great risk.
So lock it down then.
So the only way currently is to clock in
StrongMan/db. sqlite3
Edit the auth inside_ User
tobiasbrunner
commented
1 year ago Sorry, I've no idea what you are referring to.
TelDragon
commented
1 year ago Sorry, I've no idea what you are referring to.
Since the GUI only provides modification of the default password. No account name modification is provided. Can only be modified by modifying the database?
user John
sqlite3 db.sqlite3
SQLite version 3.43.0 2023-08-24 12:36:59
Enter ".help" for usage hints.
sqlite> select * from auth_user ;
1|pbkdf2_sha256$216000$bQCIGFkLdH1M$F0ml4mA3I1OyUac8w8EPHbLQD3Po5OfKC8mjTqj6n88=|2023-10-19 01:59:16.463687|0|John|Lennon||0|1|2023-10-19 01:51:21.524199|JohnAh, I see. Theoretically, you could add a superuser (i.e. admin) via python manage.py createsuperuser --settings=strongMan.settings.<local|production> and then use the /admin endpoint to manage users (the endpoint is always available, but you can't login with the "John" user as that's not a "staff" account).
But if you just want to rename the user, you can do that also directly via database (UPDATE auth_user SET username='<username>' WHERE id=1;.
Therefore, the management interface provides a default account password password.
When I was checking, I only saw the function of changing the password, but can the account be modified? Alternatively, you can add or delete accounts.
Because if the management address is exposed to the public network, there will be a great risk.