diff --git a/apps/emqx_dashboard/src/emqx_dashboard_schema.erl b/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
index 50e35459d..e4545b5fb 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_schema.erl
@@ -254,6 +254,10 @@ default_username(default) -> <<"admin">>;
 default_username(required) -> true;
 default_username(desc) -> ?DESC(default_username);
 default_username('readOnly') -> true;
+%% username is hidden but password is not,
+%% this is because we want to force changing 'admin' user's password.
+%% instead of suggesting to create a new user --- which could be
+%% more prone to leaving behind 'admin' user's password unchanged without detection.
 default_username(importance) -> ?IMPORTANCE_HIDDEN;
 default_username(_) -> undefined.
 
@@ -264,7 +268,7 @@ default_password('readOnly') -> true;
 default_password(sensitive) -> true;
 default_password(converter) -> fun emqx_schema:password_converter/2;
 default_password(desc) -> ?DESC(default_password);
-default_password(importance) -> ?IMPORTANCE_HIDDEN;
+default_password(importance) -> ?IMPORTANCE_LOW;
 default_password(_) -> undefined.
 
 cors(type) -> boolean();
diff --git a/rel/i18n/emqx_dashboard_schema.hocon b/rel/i18n/emqx_dashboard_schema.hocon
index 4ee5f32d8..3efaf9940 100644
--- a/rel/i18n/emqx_dashboard_schema.hocon
+++ b/rel/i18n/emqx_dashboard_schema.hocon
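Review bot: The comment added above `default_username(importance)` says the password is left visible to "force" changing the admin password, but nothing in this hunk forces anything. As far as the hunk shows, the importance level only affects how the field is presented, so the wording overstates the control. The text is also one sentence broken by a stray full stop after "password". Suggested wording: `%% The username stays hidden while default_password is exposed, so that operators change the 'admin' password` followed by `%% instead of creating a new user and leaving 'admin' on its default password unnoticed.` The `default_username/1` clauses start above the hunk.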
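Review bot: `default_password(importance) -> ?IMPORTANCE_LOW;` is now deliberately out of step with the hidden username, but the reason is written only beside the username clause, so this line reads as an inconsistency that a later cleanup could revert to hidden. Add a pointer on this clause as well, e.g. `%% intentionally not hidden: see the comment on default_username(importance)`. Exposing the field does not by itself reveal that `admin` still has its initial password. Whether startup or login checks for an unchanged default is not visible in this hunk and is worth confirming. The `default_password/1` clauses begin above the hunk.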
@@ -28,10 +28,9 @@ cors.label:
 """CORS"""
 
 default_password.desc:
-"""The initial default password for dashboard 'admin' user.
-For safety, it should be changed as soon as possible.
-This value is not valid when you log in to Dashboard for the first time via the web
-and change to a complex password as prompted."""
+"""The password used to initialize a database record for `admin` user.
+NOTE: Changing the default password after it has been initialized (boot up for the fist time) has no effect.
+Once initialized, the default password `public` must be changed from dashboard or CLI as soon as possible."""
 
 default_password.label:
 """Default password"""