Prohibit users from choosing their own passwords #9
Labels
No Label
art
big
blocked
bug
ci-cd
crash report
disputed
documentation
duplicate
feature request
good first issue
packaging
question
security
techdebt spring cleaning
testing
wontfix
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Projects/mysqladm-rs#9
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
When users have to choose and set a password for each database user, some are bound to either use a very bad password, or use their existing system account password. This will potentially leave their PVV/NTNU passwords laying around in random env-files and such, for applications using the database.
This could for example be implemented with an option in the configuration file that allows/disallows the "set password" feature.
The user should instead always be able to select an option to "generate a secure password and show once", like the access tokens found on GitHub and many other platforms. If they want to retrieve the password, they should rather change it by generating a new random key.
Feature: Prohibit users from choosing their own passwordsto Prohibit users from choosing their own passwords