Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
The shiro.ini file may needs some small improvements:
- The comment at the end
# To enfore security, comment the line below and uncomment the next one
is unclear/outdated.
- The default definitions for the admin user should be commented out to prevent accidental providing login under a default password. The current sections read
[users] # List of users with their password allowed to access Zeppelin. # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections admin = password1, admin user1 = password2, role1, role2 user2 = password3, role3 user3 = password4, role2
Attachments
Issue Links
- links to