You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/10/06 14:33:05 UTC

[GitHub] [apisix-dashboard] nic-chen opened a new issue #538: bug: authentication security issue

nic-chen opened a new issue #538:
URL: https://github.com/apache/apisix-dashboard/issues/538


   Please answer these questions before submitting your issue.
   
   - Why do you submit this issue?
   - [ ] Question or discussion
   - [x] Bug
   - [ ] Requirements
   - [ ] Feature or performance improvement
   - [ ] Other
   
   
   ___
   ### Bug
   
   We should not use a fixed value as the default secret key of jwt token. 
   
   If the user does not modify the default Secret key, then others can generate tokens, and the account and password are useless. 
   
   I think we need to randomly generate a secret key during the first run.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] nic-chen closed issue #538: bug: authentication security issue

Posted by GitBox <gi...@apache.org>.

nic-chen closed issue #538:
URL: https://github.com/apache/apisix-dashboard/issues/538


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] nic-chen commented on issue #538: bug: authentication security issue

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #538:
URL: https://github.com/apache/apisix-dashboard/issues/538#issuecomment-710100886


   fixed.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] juzhiyuan commented on issue #538: bug: authentication security issue

Posted by GitBox <gi...@apache.org>.

juzhiyuan commented on issue #538:
URL: https://github.com/apache/apisix-dashboard/issues/538#issuecomment-704625515


   would this be fixed in 1.6 before 16.10?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] nic-chen commented on issue #538: bug: authentication security issue

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #538:
URL: https://github.com/apache/apisix-dashboard/issues/538#issuecomment-704889158


   I think we could fix it in 1.6


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org