mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
ref-manual: add a note about hard-coded passwords
It seems prudent to point out that hard-coding passwords in the manner detailed in the example is not a good idea in production. This type of mistake has unfortunately been made by many device vendors (outside of the Yocto Project context) leading to security vulnerabilities. (From yocto-docs rev: 1d07dba9423ae0a841eccb58c297e31b63c3965d) Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Paul Eggleton
committed by
Richard Purdie
Richard Purdie
parent
11025bed13
commit
30b4b153d6
@@ -576,6 +576,14 @@ Finally, here is an example that sets the root password::
|
||||
usermod -p '${PASSWD}' root; \
|
||||
"
|
||||
|
||||
.. note::
|
||||
|
||||
From a security perspective, hardcoding a default password is not
|
||||
generally a good idea or even legal in some jurisdictions. It is
|
||||
recommended that you do not do this if you are building a production
|
||||
image.
|
||||
|
||||
|
||||
.. _ref-classes-features_check:
|
||||
|
||||
``features_check.bbclass``
|
||||
|
||||
Reference in New Issue
Block a user