Security of the app #36

@ghnp5

Hello,

  1. This app requires that both CASSANDRA_USERNAME and CASSANDRA_PASSWORD are defined.
    This means that anyone accessing the URL of the webapp automatically has full access to the database.
    Not only that, it also means that the superuser's password is hardcoded in a file.

Would it be possible to not have to provide these environment variables, and instead have a Log In front page, where we can just enter the username and password?

  2. The HTML assets are using absolute paths:
    <link rel="stylesheet" href="/css/bootstrap.css">
    <link rel="stylesheet" href="/css/bootstrap-theme.css">
    <link rel="stylesheet" href="/css/codemirror.css">
    <link rel="stylesheet" href="/css/codemirror-solarized.css">
    <link rel="stylesheet" href="/css/prism.css">
    <link rel="stylesheet" href="/css/style.css">

Is it possible to either make these "relative" paths (instead of absolute), or allow us to provide an environment variable that says what the "prefix" should be?

That way, we'd be able to set this webapp inside a subpath, e.g. admin.mydomain.com/cassandra-web/

  3. If running this on Docker, it would be nice to be able to provide the name of the database server, e.g. "cassandra-db", instead of having to hardcode the IP.

Thank you very much
