What about preventing APISIX from starting if the admin token is absent, and only allowing it to run if the user runs APISIX with the flag `--allow-empty-admin-token` or whatever else?
Best regards
Chao Zhang
https://github.com/tokers

On Tue, Jan 25, 2022 at 4:28 PM Ming Wen <wenm...@apache.org> wrote:
>
> hello,
> Apache APISIX has a fixed token for the admin API in the configuration file[1].
> While we strongly recommend that users change this token, this is a security risk anyway. We should use a more elegant solution to actively solve this problem.
>
> My solution is:
> 1. Remove these fixed tokens and change the default value to empty.
> 2. When Apache APISIX starts, if the token is found to be empty, it will automatically generate a random token and print the hint information on the screen and in the log: the random token is only applicable to the test environment; please use a custom token in the generation environment and write it into the configuration file.
> 3. The admin API does not accept the empty token.
>
> In this way, it will not affect the previous version, nor will it affect the developer's experience of Apache APISIX, and it enhances security.
>
> What do you think?
>
>
> [1] https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L87-L100
>
> Thanks,
> Ming Wen, Apache APISIX PMC Chair
> Twitter: _WenMing
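The startup policy discussed in this thread (empty default, a random token generated at startup with a printed hint, empty tokens rejected by the admin API), combined with the refuse-to-start behaviour behind an opt-in flag from the reply above, as an added example written for this page; it is not APISIX's own code (which is Lua), and the config layout, `resolve_admin_keys`, `is_authorized` and the sample key values are assumptions constructed for the example.

```python
import hmac
import logging
import secrets

log = logging.getLogger("apisix-admin-key")

# Constructed stand-in for the admin_key entries of config.yaml with the
# proposed empty default; the real file is YAML read by Lua (assumption).
DEFAULT_CONFIG = {"admin_key": [{"name": "admin", "key": "", "role": "admin"}]}

STARTUP_HINT = ("admin_key is empty; a random key was generated for this run. "
                "This is only suitable for test environments; set a custom "
                "admin_key in the configuration file for other deployments.")


class EmptyAdminKeyError(RuntimeError):
    """Raised when startup refuses to run with an empty admin key."""


def resolve_admin_keys(config, allow_empty_admin_token=False):
    """Apply the proposal at startup.

    Returns (keys, generated): keys is the list of non-empty key strings the
    admin API will accept, generated is True if a random key was minted.
    Without the opt-in flag an empty key refuses startup, as suggested above.
    """
    entries = config.get("admin_key") or []
    keys = [e.get("key", "") for e in entries]
    if any(keys):  # at least one configured, non-empty key
        return [k for k in keys if k], False
    if not allow_empty_admin_token:
        raise EmptyAdminKeyError("admin_key is empty; pass "
                                 "--allow-empty-admin-token to generate one")
    token = secrets.token_hex(32)  # 256-bit random key, shown once at startup
    log.warning(STARTUP_HINT)
    print(f"generated admin key: {token}")
    return [token], True


def startup_refuses_empty_key(config):
    """True if starting with this config and no flag would be refused."""
    try:
        resolve_admin_keys(config)
        return False
    except EmptyAdminKeyError:
        return True


def is_authorized(presented, keys):
    """Admin API check: an empty token never matches; compare in constant time."""
    if not presented:
        return False
    return any(hmac.compare_digest(presented.encode(), k.encode())
               for k in keys if k)
```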