Mysql has been generating an admin password on default installs for, like, forever. This workflow should be familiar for many users.
I'd suggest taking the automation tooling into account and how a production rollout (user-provided password) would fit into the workflow. Andrew On Tue, Feb 9, 2021, 8:15 PM Tony Kurc <[email protected]> wrote: > Joe, > In addition to your suggestions, were you thinking of making this processor > disabled by default as well? > > Tony > > > On Tue, Feb 9, 2021, 11:04 PM Joe Witt <[email protected]> wrote: > > > Team > > > > While secure by default may not be practical perhaps ‘not blatantly wide > > open’ by default should be adopted. > > > > I think we should consider killing support for http entirely and support > > only https. We should consider auto generating a user and password and > > possibly server cert if nothing is configured and log the generated user > > and password. Sure it could still be configured to be non secure but > that > > would truly be an admins fault. Now its just ‘on’ > > > > This tweet is a great example of why > > > > https://twitter.com/_escctrl_/status/1359280656174510081?s=21 > > > > > > Who agrees? Who disagrees? Please share ideas. > > > > Thanks > > >
