sha174n commented on PR #35190: URL: https://github.com/apache/superset/pull/35190#issuecomment-3325473232
> Some questions that came up during group review:
>
> 1. Are we SURE this is comprehensive? Maybe we should add a disclaimer that this is an evolving set of best practices
> 2. Deployment setups vary wildly... some of these steps may apply to some deployments and not others, and other deployments may have safety checks that are not included here.
> 3. Should this even be a doc this long, or should we take all the sections/details you've written, and add details to the existing sections, and use the "checklist" as the main entry here to link to all of those detailed pages/instructions.
> 4. Should we add a step to delete the default admin user?
> 5. For consideration, we could enhance the installation/start scripts to be a more interactive CLI asking about these options, and warning about more of them at the end with "Warning: X / Y / Z. Proceed? (y/N)"

Thanks, @rusackas! This is great feedback, and I appreciate you taking the time!

To clarify: the goal was to create a centralized, comprehensive, production hardening guide that could serve as a living document for admins, and that could evolve as Superset improves and the threat landscape changes. I see real value in having a single place for this, especially in a checklist-like format. That being said, you've raised several valid points that will definitely improve it:

Disclaimers (Points 1 & 2): Fully agree. I can add a disclaimer at the top stating that this is an evolving set of best practices and that administrators should adapt the guide to their specific deployment architecture.

Default Admin User (Point 4): That's a good point! I will add a step to the "Authentication and Authorization" section recommending the deletion or disabling of the default admin user after a new administrative account has been configured.

Structure (Point 3): I'm happy to discuss the structure further. My initial thought was that a single, long-form document is easier for an admin to follow from start to finish than navigating between multiple smaller pages, but I'm open to what the consensus is.

Interactive CLI (Point 5): I love this idea! How can we propose this?

I'll make the changes for points 1 & 2. Thanks again for the constructive feedback!

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
