Comments (3)
A lot of people run PufferPanel in some public facing capacity, for example to have easy access to their game server at home and then may even let their friends access that
Arguing that a user installing PufferPanel should be technically versed enough to understand the impact of bad passwords is a stance I can understand, but from experience have to say is sadly just not true and we need to also consider that some people set up PufferPanel to give other, less tech savvy users access to things like server consoles, configs, etc
Given that, to me it is entirely insane and completely failing to consider the effects of our choices if we were to allow bad passwords by default, warning boxes don't help either, especially those users that need to have those safeguards are surprisingly good at not even reading them
I'd suggest taking a look at getting some (free) password manager with decent browser integration (self hosted or otherwise) so you can just store a password fulfilling the requirement in there and let the password manager autofill it with one quick hotkey or button press
What I could potentially see at some point in the future is the idea of customizable password policies, that would allow the default to stay where it is (and improve as time demands it) while user specific scenarios like yours would need adjusting some configs rather than building from source to change a single integer, however our to do lists are too long for any promises, especially on features currently known to help exactly one persons use case
from pufferpanel.
I'm going to put a hard disagree on this one, not everyone runs their stuff locally (and I'd argue most people are not on this project) and it should not allow those to lessen their security posture without their own tinkering to do so. If you really want to do that, build your own binaries.
from pufferpanel.
I agree that we shouldn't put that kind of trust into every individual. So I've revised my request. Instead of removing the password requirements, a local pin code could be a better idea. qBittorrent webui implements a similar feature, where people on the local machine or network can bypass the password, while people accessing the webui from a remote machine must enter a password. I believe this is much safer and also more convenient.
from pufferpanel.
Related Issues (20)
- How to activate the password recovery thingy HOT 1
- When trying to find server template with search bar, server get stuck. HOT 1
- Health check endpoint HOT 1
- environment no data available HOT 1
- Missing binary: Npm HOT 2
- could anyone update the discord.js template? last time it has been update dis 2 years ago and its broken asf HOT 1
- Help, I find bug HOT 1
- cannot access to pufferpanel server adress HOT 2
- Puffer
- Scroll bar with bookmarks HOT 1
- Q: Authorize requests HOT 1
- SFTP username contains invalid characters HOT 10
- Local node still showing as localhost despite
- Downloading from Github.com fails with dockerized templates HOT 1
- Minecraft - Java Edition: template for paper using wrong binary name
- Can't connect to pufferpanel via FileZilla HOT 1
- Passkey support HOT 5
- Support for More JDK Distributions HOT 3
- Installing FTB Modpack HOT 1
- Port not work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pufferpanel.