Towards a more secure default setup
Shipping with a default account user name and password is considered
an authentication anti-pattern; see
http://code.google.com/p/owasp-development-guide/wiki/WebAppSecDesignGuide_D2
By making the user select an admin user name and password at the time
they create the database, we avoid the chance that they will forget to
change the default password and leave their system open to access.
Next step is to change the seed data to insert random values for the
admin username and password, then update the documentation accordingly.
git-svn-id: svn://svn.open-ils.org/ILS/trunk@19199
dcc99617-32d9-48b4-a31d-
7c20da2025e4
projects / Evergreen.git / commit