Breaking change: move to built-in auth
-
When we initially packaged Stirling-PDF, it didn't have built-in user authentication . We used Cloudron's proxyAuth for adding authentication layer.
Recent versions of Stirling-PDF have auth - https://github.com/Frooodle/Stirling-PDF/tree/main#login-authentication
Some important information about the change:
- The package will not automatically update because you have to change the username and password after update.
- The default credentials is admin / changeme . Please change password immediately.
- Additional users can be added in the settings page
- With this page, it's also easy to use Stirling-PDF API using X-API-Key
-
In case anybody wonders or is searching for it. There is no "real" admin page. You have to login as admin, then go to your account settings, and at the lower end, you find a "button" that brings you to an account administration page
-
Is it possible to deactivate user authentication for Sterling PDF? I run an instance as a free service for some of my clients and don't need authentication.
-
@jan-reinhardt
never underestimate bots that find your URL and use it -
@jan-reinhardt I have pushed an update for that. Once updated, edit
/app/data/configs/settings.yml. You can setsecurity.enableLoginto false.Just remember @RazielKanos 's warning . Stirling does not PDFs locally, so atleast you are protected again bad stuff being saved, but the processing of PDFs/documents is done on the server. This means that bad stuff can be uploaded to your server and will take CPU cycles. I don't know about your set up though, maybe this is a private internal server, in which case ignore all this.
-
@girish Thank you
I will think about @RazielKanos' warning. Is this 'only' a problem of bad stuff using up my ressources or could it have legal implications if my machine is used for bad stuff? -
@jan-reinhardt that's all I can think of. But maybe you can ask about the dangers of a public instance at https://github.com/Frooodle/Stirling-PDF/discussions
