more secure default setup #25

Open
nhooyr opened this Issue Mar 6, 2019 · 8 comments

Collaborator

nhooyr commented Mar 6, 2019

The default usage for code-server should be a command to ssh into a server, set up code-server, and open a reverse ssh tunnel from code-server to a local host port that the user can access code-server through.

This way no password.

Contributor

ammario commented Mar 6, 2019

Another idea we had was OAuth with Google.

Collaborator Author

nhooyr commented Mar 6, 2019

What would the advantages of that be?

Contributor

ammario commented Mar 6, 2019

No need to memorize or manage another password

sn0n commented Mar 6, 2019

Unless user avoids Google Inc services because tracking and what not... #NotMeButSomeone

Contributor

ammario commented Mar 6, 2019

Well, eventually we could support multiple providers.

This would also make it easier to share access to a dev environment.


sr229 commented Mar 6, 2019

This seems to just add more complexity fwiw. I don't like this approach, and most IDEs don't do it either (Theia for instance doesn't have Auth, but they plan to have a basic one soon; Theia with Auth is basically in Che 7). Use an OAuth provider or a Basic auth strategy instead (Passport.js preferred since we can just plug a new auth strategy with Passport).

Collaborator Author

nhooyr commented Mar 6, 2019

@sr229 that's fine for some deployments, but you could want a quick and easy setup, which is what this accomplishes.

@ammario that seems fine to me. I'd prefer we go with GitHub as the default provider though, just cause it fits the domain better.

Member

kylecarbs commented Mar 8, 2019

We introduce a configuration when adding OAuth providers.

We'll need to have a discussion on the best way to provide this.
