Uploaded image for project: 'AeroGear'
  1. AeroGear
  2. AEROGEAR-6894

Remove admin/123 default credentials from push server

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • None
    • None

      src/main/java/org/jboss/aerogear/connectivity/users/PicketLinkDefaultUsers.java

      PicketLinkDefaultUsers.java
          //TODO this entire initialization code will be removed
    @PostConstruct
    public void create() {

        // developers!! developers!! developers!! developers!!

        Developer admin = new Developer();
        admin.setLoginName("admin");

        /*
         * Note: Password will be encoded in SHA-512 with SecureRandom-1024 salt
         * See http://lists.jboss.org/pipermail/security-dev/2013-January/000650.html for more information
         */
        this.identityManager.add(admin);
        this.identityManager.updateCredential(admin, new Password("123"));


        Role roleDeveloper = new SimpleRole("developer");
        this.identityManager.add(roleDeveloper);
        identityManager.grantRole(admin, roleDeveloper);
    }

      As per the comment at the top it looks like this is planned to be removed anyway, but we should get rid of it ASAP. Default admin credentials are always a bad idea.

              lholmqui@redhat.com Lucas Holmquist
              dfj_jira David Jorm (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: