[infinispan-issues] [JBoss JIRA] (ISPN-7816) Remove default APP/MGMT user/pwd in docker image

[Sebastian Łaskawiec (JIRA)]

    [ https://issues.jboss.org/browse/ISPN-7816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13425911#comment-13425911 ] 

Sebastian Łaskawiec commented on ISPN-7816:
-------------------------------------------

Together with [~NadirX] and [~gustavonalle] we have been talking about this issue. 

Looking at MariaDB template from OpenShift Mall we would like to have an environmental property for setting up password. If the property is not set, a random password should be generated. The [Infinispan OpenShift templates|https://github.com/infinispan/infinispan-openshift-templates/tree/master/templates] will use the same mechanism for generating passwords as [Maria DB's|https://github.com/openshift/library/blob/master/community/mariadb/templates/mariadb-ephemeral.json#L226-L231].

Also, we think it should be enough to have 1 user with authentication to manage all things in OpenShift (access all endpoints etc).

> Remove default APP/MGMT user/pwd in docker image
> ------------------------------------------------
>
>                 Key: ISPN-7816
>                 URL: https://issues.jboss.org/browse/ISPN-7816
>             Project: Infinispan
>          Issue Type: Sub-task
>            Reporter: Galder Zamarreño
>            Assignee: Galder Zamarreño
>
> Docker image allows passing in APP_USER and APP_PASS as env variables easily, but it provides default usernames and passwords for both APP and MGMT. These defaults should be removed since they're a security risk.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)