Fix: Document importance of username/password setup

ryanlelek · Aug 4, 2022 · 900c58b · 900c58b
1 parent 28b6e8a
commit 900c58b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -30,6 +30,20 @@ Supported Node Versions:
 - v10.x.x (LTS)
 Please use the latest version available of the above major Node.js releases to ensure you have the latest security fixes! 
 
+Security
+--------
+Make sure you edit the default username and password in your `config.js` file.
+```
+##### WARNING #####
+// You MUST change the username and password for security
+// Do NOT use "admin" as a username as it's easily guessed.
+// You are encouraged to use tools to generate a password
+// Preferably, use a local password manager
+// If you absolutely must use an online tool, here are some suggestions
+// https://bitwarden.com/password-generator/
+// https://www.grc.com/passwords.htm
+```
+
 Links
 ---------------
 

diff --git a/example/config.default.js b/example/config.default.js
@@ -94,6 +94,14 @@ var config = {
   },
   secret: 'someCoolSecretRightHere',
 
+  // ##### WARNING #####
+  // You MUST change the username and password for security
+  // Do NOT use "admin" as a username as it's easily guessed.
+  // You are encouraged to use tools to generate a password
+  // Preferably, use a local password manager
+  // If you absolutely must use an online tool, here are some suggestions
+  // https://bitwarden.com/password-generator/
+  // https://www.grc.com/passwords.htm
   credentials    : [
     {
       username : 'admin',