Comments (3)
kfrico
commented on June 24, 2024
Hello,
- This app requires that both
CASSANDRA_USERNAMEandCASSANDRA_PASSWORDare defined.
This means that anyone accessing the URL of the webapp automatically has full access to the database.
Not only that, it also means that the superuser's password is hardcoded in a file.Would it be possible to not have to provide these environment variables, and instead have a Log In front page, where we can just enter the username and password?
- The HTML assets are using absolute paths:
<link href=/static/css/chunk-vendors.62e245e7.css rel=preload as=style> <link href=/static/css/index.9c79d7e1.css rel=preload as=style> <link href=/static/js/chunk-vendors.f1428dfc.js rel=preload as=script> <link href=/static/js/index.ab7d7262.js rel=preload as=script> <link href=/static/css/chunk-vendors.62e245e7.css rel=stylesheet> <link href=/static/css/index.9c79d7e1.css rel=stylesheet> <script src=/static/js/chunk-vendors.f1428dfc.js></script> <script src=/static/js/index.ab7d7262.js></script>Is it possible to either make these "relative" paths (instead of absolute), or allow us to provide an environment variable that says what the "prefix" should be?
That way, we'd be able to set this webapp inside a subpath, e.g.
admin.mydomain.com/cassandra-web/Thank you very much
Environment variables are not stored in files. If you need a login page, it is recommended to place a proxy in front of it. For example, you can use NGINX with basic authentication for a simple login mechanism.
from cassandra-web.
ghnp5
commented on June 24, 2024
Thank you for your response. I appreciate.
I do have Nginx with authentication, actually.
However,
-
I wanted to test logging in as a different Scylla user/role I created, to ensure the permissions are correct (in that it can only read the tables it was granted to), and the only way to do this was to change the env vars and restart the container.
-
Environment variables in Docker are stored either in the "docker-compose.yml" itself, or in a separate "db.env" file, which was the case.
-
Even if I stored them in a more secure way, I noticed that when I run
ps aux, the username and password were there, because of the command this program runs.
There would be a lot more flexibility, and would be a lot more secure, if we could have a login page where we can login as the user/role we want.
That's how phpMyAdmin, adminer, and pretty much every other web UI for databases I know of, are.
Thank you very much.
from cassandra-web.
kfrico
commented on June 24, 2024
2. The HTML assets are using absolute paths:
commit v1.1.2 fix relative path
from cassandra-web.
Related Issues (20)
- Fail to build on v1.0.4 because of filure to make client.go HOT 1
- Unable to connect to cassandra: unable to create session: unable to discover protocol version: authentication required HOT 5
- Helm 3 chart usage HOT 2
- Feature request: Support multiple Cassandra nodes HOT 2
- Can't get data HOT 3
- Read Only View And Read Write view HOT 5
- missing ingress.yaml in helm chart HOT 1
- The describe function not work in provided helm app HOT 2
- Publish Helm chart HOT 1
- Security and compliance updates for goland and alpine
- Helm Chart Ingress Labels are broken HOT 2
- Need to be able to configure service port and targetPort separately in helm chart. HOT 2
- Support Cassandra 4.0 HOT 2
- cassandra-web 在 scylla升級後無法使用 export HOT 2
- Edit/Delete has problem with strings containing numbers containing leading zeros HOT 1
- [QUESTION]: Cassandra SSL connection HOT 1
- Getting An error HOT 7
- Two Remote Code Execution vulnerabilities in this project... HOT 2
- This Docker build is not compatible with ARM platform
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cassandra-web.