Andrius,

Thank you for submitting this bug report with the associated patch.  I am 
sorry it took four years for anyone to respond to it.

In some ways, I find your solution elegant.  But I am uncertain how it would 
interact with setting up multiple instances.  And I am also uncertain that it 
is a problem that needs fixing, in the sense that by default no instance is 
reachable when Redmine is first installed.

If an admin has concerns that a new instance could be hacked before he can 
change the default admin password, then he can simply constrict the example 
Apache config files to only expose the new instance to a browser he controls 
during the initial setup, like localhost or a specific IP address.  
Alternately, it looks like it should be possible to change the default admin 
password via the command line before any instance is ever exposed via a manual 
Apache configuration.

https://stackoverflow.com/questions/30655292/is-there-a-rake-command-to-reset-a-redmine-admin-password

I have not yet tested any of these commands, but if it is a concern that the 
default instance initially exposes a default password, perhaps we should add a 
list of commands to README.Debian a user can run to change the password before 
setting Apache to serve up the Redmine instance.

-- 
Soren Stoutner
[email protected]
