New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Change] allow_sign_up enabled by default #8743

Closed
themainframe opened this Issue Jun 29, 2017 · 2 comments

Comments

Projects
None yet
3 participants
@themainframe

themainframe commented Jun 29, 2017

Should allow_sign_up be enabled by default? It seems like this goes against secure by default principles by risking giving the public access to potentially-sensitive dashboards.

@daniellee

This comment has been minimized.

Member

daniellee commented Jun 29, 2017

Yes, agree. This was not a big deal a year or two ago but the situation has changed with lots of grafana instances now outside of company firewalls. See grafana/grafana-docker#85

@themainframe

This comment has been minimized.

themainframe commented Jun 30, 2017

Glad you agree @daniellee - I've done a little research and a rather alarming number of publicly-accessible Grafana instances do indeed have sign-up enabled. Of the domains I surveyed (1000), ~30% had it enabled.

@daniellee daniellee modified the milestones: 4.4.0 , 5.0 Jun 30, 2017

@torkelo torkelo modified the milestones: 4.4.2, 5.0 Jul 24, 2017

@torkelo torkelo changed the title from [Bug] allow_sign_up enabled by default to [Change] allow_sign_up enabled by default Jul 24, 2017

torkelo added a commit that referenced this issue Jul 24, 2017

@torkelo torkelo closed this in f5ed5c6 Jul 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment