@kazan417 kazan417 commented Feb 8, 2025

This removes the hardcoded password from the Dockerfile and adds a PASS variable to the entrypoint.

Moves the code for setting the password from the hardcoded Dockerfile to an entrypoint variable
Improves security of the container by removing the hardcoded password
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 8, 2025
@wxiaoguang
Contributor

  1. The "git:*" is not a hard-coded password: it just makes the account "unlocked" and unable to log in via password.
  2. The git account shouldn't have a password set, it is designed to disallow password login. So passing PASS env breaks the design.

Could you elaborate why you need this change? TBH I think it only lowers the security if some users mis-configured the "PASS" env.

@wxiaoguang wxiaoguang added the issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail label Feb 11, 2025
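
Added example (not part of the PR or of Gitea's code): a POSIX shell check that classifies the password field of shadow-format lines, showing how the `git:*` entry discussed above differs from a locked, empty, or hashed entry. The function names, state names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret the password field of shadow-format lines (see shadow(5)).

# Map one password field to a state name (state names are this example's own).
classify_field() {
    case "$1" in
        '')   echo "empty" ;;        # no password required to authenticate
        '!'*) echo "locked" ;;       # "!" prefix: the password is locked
        '*')  echo "no-password" ;;  # not a crypt(3) result: no password login, not locked
        '$'*) echo "hash-set" ;;     # modular crypt hash: password login possible
        *)    echo "other" ;;        # unrecognized content: review by hand
    esac
}

# Read "user:field:..." lines on stdin and print "user state" per account.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Print only the accounts that accept a password, or need none at all.
password_login_users() {
    audit_shadow | while read -r user state; do
        case "$state" in
            empty|hash-set) echo "$user" ;;
        esac
    done
}

# Constructed sample input; the hash value is a placeholder, not a real hash.
sample_shadow() {
    cat <<'EOF'
root:!::0:::::
git:*:19000:0:99999:7:::
svc::19000:0:99999:7:::
dev:$6$constructedsalt$constructedhash:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

Run against an image's shadow file, `password_login_users` should print nothing for an account such as `git` that is meant to be reachable only without a password.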
@kazan417
Author

> 1. The "git:*" is not a hard-coded password: it just makes the account "unlocked" and unable to log in via password.
> 2. The git account shouldn't have a password set, it is designed to disallow password login. So passing PASS env breaks the design.
>
> Could you elaborate why you need this change? TBH I think it only lowers the security if some users mis-configured the "PASS" env.

  1. Sorry for my bad knowledge.
  2. Realistically, there is no need for the PASS variable. It was added because of a misunderstanding of the design of Gitea.
  3. Thank you for the explanation.

@kazan417 kazan417 closed this Feb 13, 2025
@go-gitea go-gitea locked as resolved and limited conversation to collaborators May 14, 2025

Labels

issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. modifies/internal
