-
-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error 500 on user login #272
Comments
Seems to be mariadb upgraded but not the schema (???), and causing a lot of fails:
Which is weird, as I did not upgrade mariadb recently. |
With `MYSQL_ALLOW_EMPTY_PASSWORD=yes` it will use the default `MYSQL_ROOT_PASSWORD=`, resulting in the root user having an EMPTY PASSWORD per default, too easily resulting in anonaddy#272.
Oh sorry @willbrowningme. |
Your DB might have been publicly exposed because of bad configuration in your stack I assume. What's your compose configuration looks like? DB is not exposed in our examples: docker/examples/compose/compose.yml Lines 4 to 18 in fd6c9fb
|
The compose file uses the provided example.
MYSQL_USER=luckydonald
MYSQL_PASSWORD=2346ljkdfjsdfgj32409#1215t24399DHKZ45z9bdß043tkldvsvbjn4btn-asdfag,sf342659023 All I added was a phpmyadmin container, adding the service as in their example compose. I would log in with the user |
Not sure if you don't share your compose file and we also don't have anything like this in our examples. If you expose your phpmyadmin instance publicly with the internal db exposed through it then it's probably why your db got hacked. Closing as this is not reproducible with our exmaples. |
I don't understand why you deliberately want the root user to have the very insecure password |
It didn't got hacked, someone used the default password you set to |
What is provided in https://github.com/anonaddy/docker/tree/master/examples are just examples to have a anonaddy compose stack running. Up to anyone to tweak it based on their needs but setting root password in our examples is not needed as the db is only exposed to the app. You can either use https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/#mariadb_random_root_password-mysql_random_root_password or https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/#mariadb_root_password_hash-mariadb_root_password-mysql_root_password if you need to in your case. I would not mind if we set |
That's a good solution. Thanks. |
I'm unable to login to my selfhosted instance. Emails are not redirected either.
v1.1.0
Don't know what could have changed. I'm seeing no log output on the php docker.
The text was updated successfully, but these errors were encountered: