-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker setup_password not working #527
Comments
the variable needs to be the hash variant - e.g. Use : VALUE=$(php -r "echo password_hash('something-goes-here', PASSWORD_DEFAULT);") or similar. |
Worked, thanks for help. |
add a bit more help to help with postfixadmin/postfixadmin#527
I think this is a painful logic |
More than one person has encountered this problem |
i wasn't aware it was such a problem. The docker image could look to see whether the env var you've defined for POSTFIXADMIN_SETUP_PASSWORD starts with a '$', and if not, could generate the bcrypt hash using the php stuff above? |
Maybe two variables: POSTFIXADMIN_SETUP_PASSWORD_HASH and POSTFIXADMIN_SETUP_PASSWORD_CLEARTEXT It makes the variable names self-documenting (since the issue seems to be people not reading README.md) and avoids magic strings. |
This has nothing to do with docker and special characters. And the question of password has been asked by many people. Which system can achieve 100% security, all you have to do is let the user define his user name and password, and provide him with the way to change his password after logging in, which is enough. Now you want users to set what md5hash and modify the files in the image, which seems to be something that primary school students do. Just when I wanted to use postfix admin, I encountered this painful logic, which has nothing to do with whether to read the document or not. |
this bug should probably really be in https://github.com/postfixadmin/docker ... |
@mmm8955405 you said ...
The setup password is used to restrict who can add new admin users, and see some defaulted error reporting/help for the system. It can't be stored in the SQL database as the setup page may be running before the database is ready. The setup.php page needs to be restricted so the public cannot see sensitive information and they shouldn't be able to add arbitrary super admins.
There's no need to modify files in the docker image. As an administrator setting up Postfixadmin you need to decide what password hashing mechanism you're going to use. You may have constraints due to supporting legacy users / software or what needs to integrate with the database (e.g. dovecot). |
… a setup_password
Hi,
I try run docker container:
docker run -e POSTFIXADMIN_DB_TYPE=sqlite \ -e POSTFIXADMIN_SETUP_PASSWORD=123456 \ --name postfixadmin \ -p 8080:80 \ postfixadmin
After start UI i try to autorization with setup_password = 123456 (http://localhost:8080/setup.php)
what am I doing wrong?
The text was updated successfully, but these errors were encountered: