Comments (3)
nepcore
commented on May 27, 2024
2
A lot of people run PufferPanel in some public facing capacity, for example to have easy access to their game server at home and then may even let their friends access that
Arguing that a user installing PufferPanel should be technically versed enough to understand the impact of bad passwords is a stance I can understand, but from experience have to say is sadly just not true and we need to also consider that some people set up PufferPanel to give other, less tech savvy users access to things like server consoles, configs, etc
Given that, to me it is entirely insane and completely failing to consider the effects of our choices if we were to allow bad passwords by default, warning boxes don't help either, especially those users that need to have those safeguards are surprisingly good at not even reading them
I'd suggest taking a look at getting some (free) password manager with decent browser integration (self hosted or otherwise) so you can just store a password fulfilling the requirement in there and let the password manager autofill it with one quick hotkey or button press
What I could potentially see at some point in the future is the idea of customizable password policies, that would allow the default to stay where it is (and improve as time demands it) while user specific scenarios like yours would need adjusting some configs rather than building from source to change a single integer, however our to do lists are too long for any promises, especially on features currently known to help exactly one persons use case
from pufferpanel.
Omeryl
commented on May 27, 2024
I'm going to put a hard disagree on this one, not everyone runs their stuff locally (and I'd argue most people are not on this project) and it should not allow those to lessen their security posture without their own tinkering to do so. If you really want to do that, build your own binaries.
from pufferpanel.
commented on May 27, 2024
I agree that we shouldn't put that kind of trust into every individual. So I've revised my request. Instead of removing the password requirements, a local pin code could be a better idea. qBittorrent webui implements a similar feature, where people on the local machine or network can bypass the password, while people accessing the webui from a remote machine must enter a password. I believe this is much safer and also more convenient.
from pufferpanel.
Related Issues (20)
- Lost access to my server HOT 4
- [question] HOT 2
- Port display
- ARM build for Docker image HOT 1
- Debian 12 "Bookworm" HOT 1
- PufferPanel Suddenly Shuts Down on Ubuntu 22.04 LTS Container in Proxmox HOT 7
- Sons of the forest template HOT 26
- How to activate the password recovery thingy HOT 1
- When trying to find server template with search bar, server get stuck. HOT 1
- Health check endpoint HOT 1
- environment no data available HOT 1
- Missing binary: Npm HOT 2
- could anyone update the discord.js template? last time it has been update dis 2 years ago and its broken asf HOT 1
- Help, I find bug HOT 1
- cannot access to pufferpanel server adress HOT 2
- Puffer
- Scroll bar with bookmarks HOT 1
- Q: Authorize requests HOT 1
- SFTP username contains invalid characters HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pufferpanel.