I set up Memgraph using docker-compose like so:

```yaml
version: '3.8'
services:
  batbard_memgraph:
    image: memgraph/memgraph-platform:2.11.1-memgraph2.11.0-lab2.8.3
    restart: always
    ports:
      - "7687:7687"
      - "4000:3000"
      - "7444:7444"
    volumes:
      - memgraph_lib:/var/lib/memgraph
      - memgraph_etc:/etc/memgraph
    env_file:
      - ./memgraph/.env
    entrypoint: [ "/usr/bin/supervisord" ]
```
and I have an environment file, correctly created at memgraph/.env relative to the docker-compose:

```
MEMGRAPH="--log-level=TRACE"
MGCONSOLE="--username=admin --password=XXXXXXX"
```
And the instance launches fine. But the username/password is not set and when I attempt to open the console, it does not ask me for a password at all. Anyone can just connect.
What's the issue here?
I also do think just allowing remote (non-localhost) connections freely when authentication was not set up correctly is a serious risk. For example, with Redis, if you don't configure an admin password it will reject connections automatically from anything outside. Memgraph just allows anyone regardless.
Here are the logs from the startup:
```
2023-10-30T16:16:22.014+00:00 | /usr/lib/python3/dist-packages/supervisor/options.py:474: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
2023-10-30T16:16:22.015+00:00 | self.warnings.warn(
2023-10-30T16:16:22.017+00:00 | 2023-10-30 16:16:22,017 INFO Included extra file "/etc/supervisor/programs/lab.conf" during parsing
2023-10-30T16:16:22.029+00:00 | 2023-10-30 16:16:22,028 INFO Included extra file "/etc/supervisor/programs/memgraph.conf" during parsing
2023-10-30T16:16:22.029+00:00 | 2023-10-30 16:16:22,029 INFO Set uid to user 0 succeeded
2023-10-30T16:16:22.030+00:00 | 2023-10-30 16:16:22,030 INFO supervisord started with pid 1
2023-10-30T16:16:23.038+00:00 | 2023-10-30 16:16:23,033 INFO spawned: 'memgraph' with pid 6
2023-10-30T16:16:23.038+00:00 | 2023-10-30 16:16:23,034 INFO spawned: 'lab' with pid 7
2023-10-30T16:16:23.073+00:00 | You are running Memgraph v2.11.0
2023-10-30T16:16:23.073+00:00 | To get started with Memgraph, visit https://memgr.ph/start
2023-10-30T16:16:23.575+00:00 | [2023-10-30 16:16:23.513] INFO: [lab] Lab is running at http://localhost:3000 in platform mode
2023-10-30T16:16:24.576+00:00 | 2023-10-30 16:16:24,576 INFO success: memgraph entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-10-30T16:16:24.577+00:00 | 2023-10-30 16:16:24,576 INFO success: lab entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
```
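Added example, not part of the original post or of Memgraph's own tooling: a small Python check that lists which `ports:` entries of a compose file Docker would publish beyond loopback, which is the exposure the question is concerned about while authentication is not in place. The function names and the re-indented compose fragment are constructed for illustration, and the check assumes default Docker daemon settings, where a mapping without a host IP is bound on all interfaces.

```python
import ipaddress

# Compose fragment from the post above, re-indented (constructed input).
COMPOSE = '''\
services:
  batbard_memgraph:
    ports:
      - "7687:7687"
      - "4000:3000"
      - "7444:7444"
    volumes:
      - memgraph_lib:/var/lib/memgraph
'''

def ports_from_compose(text):
    """Collect the items of every `ports:` list (short syntax only, no YAML library)."""
    found, in_ports = [], False
    for line in text.splitlines():
        item = line.strip()
        if item == "ports:":
            in_ports = True
        elif in_ports and item.startswith("- "):
            found.append(item[2:].strip().strip("\"'"))
        elif item:
            in_ports = False          # any other key ends the ports list
    return found

def parse_port(spec):
    """Return (host_ip, host_port, container_port); missing parts are None."""
    spec = spec.split("/")[0]                      # drop a /tcp or /udp suffix
    ip = None
    if spec.startswith("["):                       # bracketed IPv6 host address
        ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if ip is None and len(parts) == 3:             # IPv4 host address given
        ip = parts.pop(0)
    if len(parts) not in (1, 2):
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    host = parts[0] if len(parts) == 2 and parts[0] else None
    return ip, host, parts[-1]

def exposed(ports):
    """Mappings Docker would publish on a non-loopback address."""
    # Assumption: default daemon settings, where no host IP means all interfaces.
    def off_loopback(ip):
        return ip is None or not ipaddress.ip_address(ip).is_loopback
    return [p for p in ports if off_loopback(parse_port(p)[0])]
```

Calling `exposed(ports_from_compose(COMPOSE))` returns all three mappings from the post; a mapping written as `"127.0.0.1:7687:7687"` is not reported.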