Team,

While secure by default may not be practical, perhaps ‘not blatantly wide open’ by default should be adopted.

I think we should consider killing support for HTTP entirely and support only HTTPS. We should consider auto-generating a user and password, and possibly a server cert, if nothing is configured, and log the generated user and password. Sure, it could still be configured to be non-secure, but that would truly be an admin's fault. Now it's just ‘on’.

This tweet is a great example of why: https://twitter.com/_escctrl_/status/1359280656174510081?s=21

Who agrees? Who disagrees? Please share ideas.

Thanks
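The credential half of the proposal above, as an added sketch that is not part of the original message or of any project's code: when nothing is configured, startup generates a user and password, logs them once, and keeps only a salted hash. The config keys, the logger name `bootstrap`, and the function names are assumptions; the HTTPS-only and generated-certificate parts are not covered.

```python
import hashlib
import hmac
import logging
import secrets

log = logging.getLogger("bootstrap")  # assumed logger name
PBKDF2_ROUNDS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored config never holds the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def bootstrap_credentials(config: dict) -> dict:
    """Return a config that always has login credentials.

    An admin-supplied username/password_hash is left untouched; otherwise
    a random user and password are generated and logged one time.
    """
    if config.get("username") and config.get("password_hash"):
        return config
    username = "admin-" + secrets.token_hex(4)
    password = secrets.token_urlsafe(24)  # ~192 bits from the OS CSPRNG
    salt = secrets.token_bytes(16)
    secured = dict(
        config,
        username=username,
        salt=salt.hex(),
        password_hash=hash_password(password, salt).hex(),
        generated=True,
    )
    # The only place the plaintext appears, as the proposal asks.
    log.warning("No credentials configured; generated user=%s password=%s",
                username, password)
    return secured


def check_login(config: dict, username: str, password: str) -> bool:
    """Fail closed: a config without credentials authenticates nobody."""
    if not config.get("password_hash") or not config.get("salt"):
        return False
    candidate = hash_password(password, bytes.fromhex(config["salt"]))
    user_ok = hmac.compare_digest(username.encode(), config["username"].encode())
    pass_ok = hmac.compare_digest(candidate, bytes.fromhex(config["password_hash"]))
    return user_ok and pass_ok
```

Because the plaintext password reaches the log, the log file needs the same access restrictions as the credential store, and the generated account is best replaced once an admin configures real authentication.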
