Better instructions for basic_auth in the readme file
egeersoz opened this issue · comments
Ege Ersoz commented
In the readme file, under the "Add dashboard access on all environments (including production)" section, there is this example for setting up basic authentication for a dashboard route:
pipeline :admins_only do
plug :basic_auth, username: "admin", password: "a very special secret"
end
But I think this is a bad example because you shouldn't hardcode passwords into the application code. The last thing we want as a community is to encourage practices that are not secure. :) You'll probably want to use environment variables or something similar, right?
Could the readme file be enhanced with instructions that are more realistic for production?