You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Thank you for submitting this pull request! We really appreciate you spending the time to work on these changes.
What is the motivation?
To prevent SurrealDB users from accidentally allowing unauthenticated access to their server. This is specially relevant for users running SurrealDB in cloud instances with publicly addressable network interfaces.
What does this change do?
Replaces the --auth flag with --unauthenticated, which defaults to false. If no flag is provided, the server will run with authentication and a message will no longer be printed announcing it to the user. If the --unauthenticated flag is provided, the server will run without requiring authentication and a warning will be printed.
@gguillemas should the flag possibly be --no-auth? I think that would be easier to remember and to type in compared to --unauthenticated
I was thinking the same thing originally. However, once I got down to implementing the change, I did not like the double negation of --no-auth being false by default, which may be a bit confusing. More importantly, I think not having authentication (i.e. --no-auth) and allowing unauthenticated access (i.e. --unauthenticated) are different things. I was worried some users would assume that --no-auth would prevent anyone from authenticating, when in reality it does quite the opposite and grants complete unauthenticated access (i.e. without credentials) to anyone.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
gguillemas
changed the title
Thank you for submitting this pull request! We really appreciate you spending the time to work on these changes.
What is the motivation?
To prevent SurrealDB users from accidentally allowing unauthenticated access to their server. This is specially relevant for users running SurrealDB in cloud instances with publicly addressable network interfaces.
What does this change do?
Replaces the
--authflag with--unauthenticated, which defaults tofalse. If no flag is provided, the server will run with authentication and a message will no longer be printed announcing it to the user. If the--unauthenticatedflag is provided, the server will run without requiring authentication and a warning will be printed.What is your testing strategy?
Ensure that existing tests pass.
Is this related to any issues?
No.
Does this change need documentation?
Yes, this needs an update on the CLI documentation page.
--authflag in 2.0 docs.surrealdb.com#549Have you read the Contributing Guidelines?