Disable the creation of the demo users by default #3181
Labels
Category:Change
Change existing functionality
Priority:p3-medium
Normal priority
Topic:Security
Type:Story
User Story
Comments
micbar
added
Category:Change
|
Thanks carlos for pointing it out. IMO we should solve this during build time. The locally self compiled binary should still have the demo users, and the docker image and the official binary should set the value to |
|
To have a secure oCIS instance, there is more than deleting the demo users. I agree on having them disabled by default for released binaries as soon as were in Beta. But we should also find a solution for the default secrets (https://owncloud.dev/ocis/deployment/#secure-an-ocis-instance), at least for the single process use case. |
13 tasks
micbar
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By default, the demo users are enabled,
I would propose by default to have:
and only if the developers want to have a testing environment could be enabled.
Otherwise, this could produce a security issue if someone forgets it.
Acceptance criteria
[ ] demo users are not created when starting oCIS out of the box (docker, binary)
[ ] getting started doc needs adjustments
[ ] test deployments need to enable demo users explicitly
[ ] tests in web repository need to be adapted (eg. check if they still work)
[ ] deployments in web repository need to be checked
[ ] enable demo user in VS code launch config
[ ] setting service doesn't assign roles to demo users if flag is set to false
The text was updated successfully, but these errors were encountered: