Agree with this improvement; the default fixed token poses a significant
security risk.
On 1/26/22 10:08, JinChao Shuai wrote:
I think the solution is feasible and can greatly improve the security of
APISIX.
On Tue, Jan 25, 2022 at 21:25, Baoyuan <baoyuan....@gmail.com> wrote:
Strongly agree that this can greatly reduce the security risk of APISIX.
"Please use a custom token in the generation environment and
write it into the configuration file."
Do we need to provide this function to help users do it?
On Tue, Jan 25, 2022 at 16:28, Ming Wen <wenm...@apache.org> wrote:
Hello,
Apache APISIX has a fixed admin API token in the configuration
file [1].
While we strongly recommend that users change this token, this is a
security risk anyway. We should use a more elegant solution to actively
solve this problem.
My solution is:
1. Remove these fixed tokens and change the default value to empty.
2. When Apache APISIX starts, if the token is found to be empty, it will automatically generate a random token and print the hint information on the screen and in the log: the random token is only applicable to the test environment; please use a custom token in the generation environment and write it into the configuration file.
3. The admin API does not accept an empty token.
In this way, it will not affect the previous version, nor will it
affect the developer's experience of Apache APISIX, and it will enhance
security.
What do you think?
[1]
https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L87-L100
Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing
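The three steps of the proposal above, written out as an added Python sketch for illustration (this is not APISIX code, which is Lua; the config dicts are constructed stand-ins for the admin_key entries in config.yaml and the key values are assumed):

```python
import hmac
import logging
import secrets

log = logging.getLogger("apisix.admin")

# Constructed stand-ins for the admin_key section of config.yaml.
# Key names mirror the real entries (name/key/role); the values are assumed.
CONFIG_DEFAULT = {"admin_key": [{"name": "admin", "key": "", "role": "admin"}]}
CONFIG_CUSTOM = {"admin_key": [{"name": "admin", "key": "s3cr3t-from-operator", "role": "admin"}]}

HINT = ("random admin token is only applicable to the test environment; "
        "please set a custom token in the production config.yaml")


def resolve_admin_keys(config):
    """Steps 1 and 2: the default key is empty, and an empty (or blank) key is
    replaced at startup by a random one while the operator is warned in the
    log. Returns (name, key, generated) tuples; nothing is written to disk."""
    resolved = []
    for entry in config.get("admin_key", []):
        key = (entry.get("key") or "").strip()
        generated = key == ""
        if generated:
            key = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
            log.warning("admin_key '%s' is empty, generated %s. %s",
                        entry["name"], key, HINT)
        resolved.append((entry["name"], key, generated))
    return resolved


def admin_api_authorized(presented, keys):
    """Step 3: the admin API never accepts an empty or missing token, and an
    empty configured key can never match. The comparison is constant-time so
    response timing does not leak the configured key byte by byte."""
    if not presented:
        return False
    for _name, key, _generated in keys:
        if key and hmac.compare_digest(presented.encode(), key.encode()):
            return True
    return False
```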