security(p0): set strong ADMIN_PASSWORD in .env and sync DB admin hash; remove hardcoded 'admin123' in example; update TODO
2
TODO.md
@@ -9,7 +9,7 @@
|
||||
### **Remove Hardcoded Credentials**
|
||||
- [x] **URGENT**: Remove `.env` file from git repository
|
||||
- [x] **URGENT**: Generate new SECRET_KEY (32+ character random string)
|
||||
- [ ] **URGENT**: Change default admin password from `admin123` to secure password
|
||||
- [x] **URGENT**: Change default admin password from `admin123` to secure password
|
||||
- [ ] **URGENT**: Implement proper environment variable management
|
||||
- [ ] **URGENT**: Add `.env` to `.gitignore` and commit
|
||||
- [ ] **URGENT**: Document secret rotation procedures
|
||||
|
||||
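Review bot: the box ticked on the `+` line depends on `.env` now holding ADMIN_PASSWORD (per the commit message), yet the context line two below it, "Add `.env` to `.gitignore` and commit", is still unchecked, so nothing shown here keeps the file with the new password from being staged again. Suggest landing the `.gitignore` entry in this same commit, or leaving this item open until it is in. The "Document secret rotation procedures" item is also still open; a short note in the TODO on how the DB admin hash was synced would let the step be repeated at the next rotation, which matters because the old `admin123` value stays readable in this file and in history.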