Default to randomised password and warn user about password being stored in plaintext

[auri-f5bde6]

Partially solve #235

[KillerBOSS2019]

I don't think requiring "word-list" package is necessary. You could simply generate random characters by randomize number between 97-122 then convert that ascii value to a char String.fromCharCode(ascii_code)

[auri-f5bde6]

I don't think requiring "word-list" package is necessary. You could simply generate random characters by randomize number between 97-122 then convert that ascii value to a char String.fromCharCode(ascii_code)

I was told by @TibixDev to use the npm package, but I do somewhat agree (that's why I had the eff text list originally).
As for the second point, I opted for word/memorisable password, just in the odd case where a user might want to log into their VM though ways other than winboat. In that case, memorisable password would be a lot easier to type and remeber.

[KillerBOSS2019]

I don't think requiring "word-list" package is necessary. You could simply generate random characters by randomize number between 97-122 then convert that ascii value to a char String.fromCharCode(ascii_code)

I was told by @TibixDev to use the npm package, but I do somewhat agree (that's why I had the eff text list originally). As for the second point, I opted for word/memorisable password, just in the odd case where a user might want to log into their VM though ways other than winboat. In that case, memorisable password would be a lot easier to type and remeber.

How about instead of word, generate random 6 digits?

[auri-f5bde6]

Or we can just default the password to winboat, which achieves the same goal. But, there's also a possibility the user may wanna remotely connect to the VM, in which case, having a reasonably safe password would be a lot better as a default.

[KillerBOSS2019]

True, in that cause then user should choose their own password. Have a default password "winboat", give user warning and understand the risk. And give them the option to change default password to something else.

[auri-f5bde6]

p.s. just realised the program doesn't even run with the npm packages, not sure how I missed that

[auri-f5bde6]

True, in that cause then user should choose their own password. Have a default password "winboat", give user warning and understand the risk. And give them the option to change default password to something else.

In my opinion, memorable password is a good middle ground, but, perhaps. I just think the default should be reasonably safe, just in case if the user didn't read properly.

[auri-f5bde6]

But yeah! Thanks for the feedback, I'll have a think about it!

[gabrielecabrini]

If we merge #383 there's no need to warn user about plaintext password

[auri-f5bde6]

If we merge #383 there's no need to warn user about plaintext password

Hmm, but in my opinion, it doesn't change the fact that it's stored in plaintext in compose.yml regardless, so there should be a warning still.