[openstreetmap/openstreetmap-website] Adding users via script (appending Configure.md#managing-users) (#3136)

Andy Allan notifications at github.com
Wed Mar 17 15:04:14 UTC 2021

> Well you probably shouldn't be using `bundle exec rails server` in production - that's a toy server for development use.

Some people prefer to develop on remote machines, e.g. VMs, when collaborating with other people like designers or managers, or if they have low-end personal hardware without enough disk-space for what they are working on.

But in any case, our policy is to help developers set up their local development environments. We don't provide instructions for more than that, since there are an infinite variety of options, whether for development or deployment. So I don't intend to add the binding configuration to our setup instructions.

As for the original part of this issue - we need to be careful about instructions for setting up administrative users. If we set it up in the way that you suggest, then nobody can log in as that user since the password is unknown ("Str0ng_P4sSword" would be the crypt, not the password itself). If we set a specific crypt and state the password needed, then that's a security issue for when someone either opens their dev environment to the internet, or copies the database contents into their production environment. So I'd rather have the developer create an account through the web interface, choosing their own password, and then instructions for upgrading that account into an admin account. Since that's what we have now, I don't think there's anything to change. 

In any case, thank you @kallejre for your suggestion! If there are other aspects of setting up a development environment that you think we can improve, please let us know.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210317/196f9496/attachment.htm>

More information about the rails-dev mailing list