some additional ideas for this solution:
1. If the user is still using the previous fixed token, we should print
a warning or error level log to hint the user to replace
2. If a user deploys a new node based on an APISIX cluster, two admin
API tokens may appear. We should give obvious hints in the changelog and
getting started. Although this is not code-level incompatibility.
Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing
Zeping Bai <bzp2...@apache.org> 于2022年1月26日周三 11:06写道:
> Agree to a scheme that removes fixed tokens and generates random tokens at
> startup.
>
> Best regards!
> Zeping Bai @bzp2010
>
> Ming Wen <wenm...@apache.org> 于2022年1月25日周二 16:28写道:
>
> > hello,
> > Apache APISIX has the fixed token of admin API in the configuration
> > file[1].
> > While we strongly recommend that users change this token, this is a
> > security risk anyway. We should use a more elegant solution to actively
> > solve this problem.
> >
> > My solution is:
> > 1. Remove these fixed tokens and change the default value to empty
> > 2. When Apache APISIX starts, if the token is found to be empty, it
> > will automatically generate a random token, and print the hint
> information
> > on the screen and in the log: random token is only applicable to the test
> > environment, please use a custom token in the generation environment and
> > write into the configuration file.
> > 3. The admin API does not accept the empty token.
> >
> > In this way, it will not affect the previous version, nor will it
> > affect the developer's experience of Apache APISIX, and enhance the
> > security.
> >
> > What do you think?
> >
> >
> > [1]
> >
> >
> https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L87-L100
> >
> > Thanks,
> > Ming Wen, Apache APISIX PMC Chair
> > Twitter: _WenMing
> >
>
