fix(security): remove active weak default API key from shipped config
default_config.yaml shipped api_keys.dev: "development-key-change-in-production" uncommitted/active, while the surrounding comment claimed it had been removed. On a non-loopback bind this is a publicly-known credential granting full LAN access. Restore the documented secure default (empty api_keys -> loopback-only anonymous, LAN rejected) and leave a commented example instead.
This commit is contained in:
@@ -15,11 +15,11 @@ auth:
|
|||||||
# - LAN requests are REJECTED with 401 (security default)
|
# - LAN requests are REJECTED with 401 (security default)
|
||||||
# To enable LAN access, uncomment the example below and replace the value
|
# To enable LAN access, uncomment the example below and replace the value
|
||||||
# with a secret you generated yourself (e.g. `openssl rand -hex 32`).
|
# with a secret you generated yourself (e.g. `openssl rand -hex 32`).
|
||||||
# The previous default `dev: "development-key-change-in-production"` has
|
# Do NOT ship a hard-coded key here — a publicly-known token grants full
|
||||||
# been removed — it shipped as a publicly-known token and any deployment
|
# LAN access to anyone on the network.
|
||||||
# that still uses it grants full LAN access to anyone on the network.
|
api_keys: {}
|
||||||
api_keys:
|
# api_keys:
|
||||||
dev: "development-key-change-in-production"
|
# my-client: "replace-with-output-of-openssl-rand-hex-32"
|
||||||
|
|
||||||
# Storage paths default to ./data relative to the server's working directory.
|
# Storage paths default to ./data relative to the server's working directory.
|
||||||
# Set LEDGRAB_DATA_DIR in the environment to point at a different data root
|
# Set LEDGRAB_DATA_DIR in the environment to point at a different data root
|
||||||
|
|||||||
Reference in New Issue
Block a user