-
Notifications
You must be signed in to change notification settings - Fork 476
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
As a developer, I don't want to go through the "pick a stronger password" song and dance every time I install Dataverse #4178
Comments
We had considered this when we made the change and thought it was good that it triggers the reset, since we don't want installations to the default. Closing, unless I'm missing a better argument to not have it work this way. |
@pameyer any more thoughts on this? I observed this as well but I wasn't sure if it's a problem or not. It's a little annoying that I can't just tell people, "I installed Dataverse on this test server and the dataverseAdmin password is the default" anymore. I have to coordinate with people on what the password was changed to. It's slightly annoying and new behavior as of 4.8. |
Re-opening so I remember to discuss with @scolapasta . My thinking was that the default installation options were targeted at development/staging (aka - non-production); which was the logic used for restricting |
Any thoughts on what a good development approach for this would be? Super-user API? Documentation of PSQL commands? Something else? |
Isn't it the installer that sets it? I don't know why we didn't make the change there originally. That was my argument at least. Intentionally triggering errors, despite being well intended, is really just annoying and bad UX. |
@mheppler the installer does set it. Possibly one alternative approach would be to allow the installer to take an optional argument/parameter for what the dataverseAdmin password should be. |
@mheppler yes, it's set at https://github.com/IQSS/dataverse/blob/v4.9.2/scripts/api/setup-all.sh#L60 ( |
A few comments:
|
I forgot to update this issue a while back after @scolapasta and I discussed it; but people using the default password in production is not good, and probably something that should be discouraged. I don't think we came to any agreement about if the default installation should result in a production installation, demo/evaluation installation, developer installation - it seems like it's a mix of all three, and probably not something to sort out here. My suggestion (and @mheppler should get credit for the inspiration) was to use a password if one is provided, otherwise leaving it as the current default (and so keeping the current change prompt); not to prompt for yet another thing during installation. Sound reasonable? |
@pameyer and I discussed and we closed pull request #5182 in favor of pull request #5201 and are moving this to QA. To test, follow the updated conf/docker-aio/readme.md which shows the new password and boils down to running |
I discussed this issue with @mheppler and @TaniaSchlatter today while helping them (successfully!) spin up new instances of Dataverse on EC2 using the script at http://guides.dataverse.org/en/4.9.4/developers/deployment.html They seemed to be in favor of not needing to change the password for the dataverseAdmin user every time they spin up an instance. |
@pameyer because pull request #5174 has been merged I believe I have the hooks in need in this repo to make it so the design team and others using the ec2 script don't have to go through the "pick a stronger password" steps but I'll still need to coordinate yet more variables on the dataverse-ansible side with @donsizemore to ultimately pass here: https://github.com/IQSS/dataverse-ansible/blob/b6daf04645148275a429284e0ff457bf7d4f7072/tasks/dataverse-postinstall.yml#L22 This is assuming that pull request #5201 gets merged, of course. 😄 |
…averseAdmin make password for dataverseAdmin configurable #4178
admin1 is what @mheppler and I use on "phoenix" and other servers. See also IQSS/dataverse#4178
Default / development password for
dataverseAdmin
doesn't meet new password complexity rules and triggers the reset page.The text was updated successfully, but these errors were encountered: