Andrius,

I realized that the previous email I sent to this bug did not expressly copy 
the submitter, so you might not have seen it unless you were subscribed to the 
bug.  Please see the text of the original email below:


Thank you for submitting this bug report with the associated patch.  I am 
sorry it took four years for anyone to respond to it.

In some ways, I find your solution elegant.  But I am uncertain how it would 
interact with setting up multiple instances.  And I am also uncertain that it 
is a problem that needs fixing, in the sense that by default no instance is 
reachable when Redmine is first installed.

If an admin has concerns that a new instance could be hacked before he can 
change the default admin password, then he can simply constrict the example 
Apache config files to only expose the new instance to a browser he controls 
during the initial setup, like localhost or a specific IP address.  
Alternately, it looks like it should be possible to change the default admin 
password via the command line before any instance is ever exposed via a manual 
Apache configuration.

https://stackoverflow.com/questions/30655292/is-there-a-rake-command-to-reset-a-redmine-admin-password

I have not yet tested any of these commands, but if it is a concern that the 
default instance initially exposes a default password, perhaps we should add a 
list of commands to README.Debian a user can run to change the password before 
setting Apache to serve up the Redmine instance.

-- 
Soren Stoutner
so...@debian.org
