Agree with storing the user info in etcd; it is easier to manage.

On 2021/08/10 13:08:03, Zeping Bai <bzp2...@apache.org> wrote:
> Hi, sorry, I didn't choose to reply to the email correctly just now, so
> I'll resend it for you.
>
> About "ease of use":
> 1. In the current version, the user is recorded in the configuration file,
> and the function of configuration resolution is relatively simple.
> When deployed in the docker environment, the configuration cannot
> be overwritten by means of environment variables.
> 2. At the same time, the configuration file cannot be dynamically
> monitored to change the dynamic application configuration.
>
> About "security": I mean some of the most basic functions, such as password
> hash storage.
>
> I consider changing to use etcd to save user information and save
> user's password after hashed.
>
> Best regards!
> Zeping Bai
>
> Ming Wen <wenm...@apache.org> wrote on Tue, Aug 10, 2021 at 3:37 PM:
>
> > > There are problems with ease of use and security.
> >
> > I did not get your point. Can you give me an example?
> >
> > Thanks,
> > Ming Wen, Apache APISIX PMC Chair
> > Twitter: _WenMing
> >
> >
> > Zeping Bai <bzp2...@apache.org> wrote on Tue, Aug 10, 2021 at 3:11 PM:
> >
> > > Hi, everyone.
> > >
> > > Currently, dashboard only supports basic username + password login mode.
> > > Moreover, the password is stored in the configuration file and password
> > > hash is not supported. There are problems with ease of use and security.
> > >
> > > I have designed a scheme and a simple code prototype for this, and
> > > published it on GitHub [1]. I look forward to your feedback to help it
> > > become better.
> > >
> > > [1]
> > > https://github.com/apache/apisix-dashboard/pull/2010#issuecomment-895737216
> > >
> > > Best regards!
> > > Zeping Bai