composr installer wierd warning messages

Post

Posted
Rating:
#7338 (In Topic #2070)
friendly
Avatar
Standard member
friendly is in the usergroup ‘Community saint’
Im installing a different website. After downloading the Composr installer and extracting it... when I think I have finished Step 4 of 10 and click INSTALL COMPOSR, I get this message:

Are you sure you want such an insecure Master password password? This will leave your installation and webhosting wide open to attack. You should use at least 8 characters and a combination of lower case, upper case, digits, and punctuation symbols.

after clicking OK, I get this further message:

REALLY? Are you sure you want such an insecure Master password password? This will leave your installation and webhosting wide open to attack. You should use at least 8 characters and a combination of lower case, upper case, digits, and punctuation symbols.

I am stunned because I used the generated password the installer suggested, which by the way was the same one as it suggested for the Administration password! What?

I never got these messages on my previous install of another website - that one went through all the steps without a hitch.

 

Art and Imagination
of David L Friend
http://davidlfriend.com
  My Business Art Gallery
powered by ocPortal
Online now: No Back to the top

Post

Posted
Rating:
#7339
Chris Graham
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Hey David,

Actually Composr doesn't recommend any passwords at all. My guess is this is the browser doing form autofill from some past password.

The concern is bots automatically hammering against the master password. As things like the config editor, code editor, and upgrader, are simple scripts, there's really no kind of special flood protection, and the presence of bots online means nobody may even intend to be trying to hack you specifically but you could still be a target.

Further, there are corporate security standards we meet that say we do need to apply certain standards.

Become a fan of Composr on Facebook or add me as a friend. Add me on on Mastodon. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top
1 guest and 0 members have just viewed this.
Back to Top