Fwd: [Bug 1103035] Re: Charm needed: Juju GUI
Nicola 'teknico' Larosa
nicola.larosa at canonical.com
Wed Jan 23 14:11:30 UTC 2013
>>>> Robert Ayres wrote:
>>>>> *If you use the 'user', 'password' config options then these
>>>>> can be obtained simply by accessing the URL -
>>>>> https://xxx/juju- ui/assets/config.js .
>>> Gary Poster wrote:
>>>> I am inclined to think that this is merely a warning that we
>>>> add to those configuration values. Alternatively, do we have a
>>>> use case for this other than improv? If we don't, maybe we
>>>> should remove these options as dangerous and only set the
>>>> admin/admin authentication with the "staging" module?
>> Nicola 'teknico' Larosa wrote:
>>> I like the second option more. The possibility to set supposedly
>>> secret credentials gives a sense of false security, since those
>>> credentials are not secret at all.
> Gary Poster wrote:
>> OK. Let me run this by Kapil and see if I can get his blessing on
>> the simple "staging options automatically sets the admin password"
>> approach, or another direction. I'll reply asap--I should see him
>> within the next two hours.
Gary Poster wrote:
> Kapil gave a +1 to removing the admin/password options and using the
> "staging options automatically sets the admin password," so if there
> are no objections, let's go that way.
Will do, thanks for pinning this down, Gary.
--
Nicola 'teknico' Larosa <https://launchpad.net/~teknico>
More information about the Juju-GUI
mailing list