On Mon, Aug 6, 2012 at 7:14 PM, Justin Deoliveira <jdeol...@opengeo.org> wrote:
>
> What if on migration we generated a random password for the root account?
> And also provide the plain text version of it (perhaps in a supplementary
> file next to the master password file). Anyways, the idea would be for the
> admin doing the upgrade to check this file, and change the master password
> immediately. It would be more secure than a default password since you would
> really need access to the server file system to get at it.
>
> Regardless, whatever we choose will have to be clearly documented and should
> be made clear in any blog posts or release notes.

How about just having the master password be equal to the "admin" user password,
if that user is present? Would make for a reasonable upgrade for most people.


> Yeah, in general we have always lagged behind a bit in terms of the
> configurations we store in version control.  One of the nice things about
> this is that it forces the devs to constantly deal with backward
> compatibility. Given that the first bit of a new stable release tends to be
> a bit "unstable" it seems safer to keep the official configuration lagging
> behind a bit. But eventually yes I think we should change it.

Agreed

>> Next,  it is not necessary to have an "admin" user because we have the
>> "root" user.  The advantage of having no "admin" user is to force people to
>> do a master password change,  the disadvantage is that the "admin" user is
>> referenced in the documentation very often.
>>
> Well I do think they serve different purposes as the admin account is used
> for day to day administration and the root account is really just a backdoor
> in cases where something has really been fouled up...

Agreed

>
>>
>> Please remember, the master password used by "root" is also used to
>> protect the new geoserver key store. This password is the Achilles tendon of
>> the system.
>>
>> Opinions?

Ouch, let's not talk about Achilles tendons, I already tore one apart! :-p

Cheers
Andrea


-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:   +39 0584 962313
mob:   +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
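
The migration idea quoted at the top of this message (generate a random root password and leave its plain text in a file that only someone with file system access can read) could look like the following. This is an added example, not GeoServer code and not part of the original thread; the class name and the file name `generated-root-password.txt` are hypothetical, and it assumes a POSIX file system.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Set;

public class MigrationPasswordExample {
    // Look-alike characters (0/O, 1/l/I) are left out because an admin has to read and retype it.
    private static final String ALPHABET =
            "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    // Draws every character from a CSPRNG; nextInt(bound) is unbiased.
    static String randomPassword(int length) {
        SecureRandom rng = new SecureRandom();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Creates the file owner-only (rw-------) before any secret is written to it.
    // createFile fails if the file already exists, so a second migration run cannot
    // silently replace a password the admin has not yet read and changed.
    static void writeOnce(Path file, String password) throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Files.createFile(file, ownerOnly);
        Files.write(file, password.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws IOException {
        // A temporary directory stands in for the directory holding the master password file.
        Path dir = Files.createTempDirectory("security-demo");
        Path info = dir.resolve("generated-root-password.txt"); // hypothetical name
        writeOnce(info, randomPassword(24));
        System.out.println(info + " "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(info)));
        try {
            writeOnce(info, randomPassword(24)); // simulated second run
        } catch (FileAlreadyExistsException e) {
            System.out.println("second run refused: file already exists");
        }
    }
}
```

The file is meant to be deleted once the admin has changed the master password, since until then it holds the root credential in plain text.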
