Hi, sorry, I didn't choose to reply to the email correctly just now, so I'll resend it for you.
About "ease of use": 1. In the current version, the user is recorded in the configuration file, and the function of configuration resolution is relatively simple. When deployed in the docker environment, the configuration cannot be overwritten by means of environment variables. 2. At the same time, the configuration file cannot be dynamically monitored to change the dynamic application configuration. About "security": I mean some of the most basic functions, such as password hash storage. I consider changing to use etcd to save user information and save user's password after hashed. Best regards! Zeping Bai Ming Wen <wenm...@apache.org> 于2021年8月10日周二 下午3:37写道: > > There are problems with ease of use and security. > > I did not get your point. Can you give me an example? > > Thanks, > Ming Wen, Apache APISIX PMC Chair > Twitter: _WenMing > > > Zeping Bai <bzp2...@apache.org> 于2021年8月10日周二 下午3:11写道: > > > Hi, everyone. > > > > Currently, dashboard only supports basic username + password login mode. > > Moreover, the password is stored in the configuration file and password > > hash > > is not supported. There are problems with ease of use and security. > > > > I have designed a scheme and a simple code prototype for this, and > > published > > it on GitHub [1]. I look forward to your feedback to help it become > better. > > > > [1] > > > https://github.com/apache/apisix-dashboard/pull/2010#issuecomment-895737216 > > > > Best regards! > > Zeping Bai > > >
