Security of the app #36
Description
Hello,
- This app requires that both
CASSANDRA_USERNAMEandCASSANDRA_PASSWORDare defined.
This means that anyone accessing the URL of the webapp automatically has full access to the database.
Not only that, it also means that the superuser's password is hardcoded in a file.
Would it be possible to not have to provide these environment variables, and instead have a Log In front page, where we can just enter the username and password?
- The HTML assets are using absolute paths:
<link rel="stylesheet" href="/css/bootstrap.css">
<link rel="stylesheet" href="/css/bootstrap-theme.css">
<link rel="stylesheet" href="/css/codemirror.css">
<link rel="stylesheet" href="/css/codemirror-solarized.css">
<link rel="stylesheet" href="/css/prism.css">
<link rel="stylesheet" href="/css/style.css">
Is it possible to either make these "relative" paths (instead of absolute), or allow us to provide an environment variable that says what the "prefix" should be?
That way, we'd be able to set this webapp inside a subpath, e.g. admin.mydomain.com/cassandra-web/
- If running this on Docker, it would be nice to be able to provide the name of the database server, e.g. "cassandra-db", instead of having to hardcode the IP.
Thank you very much