Proposal to make TOKEN mandatory #45

@Macleykun


Heya!

I'm super happy to have found your project :) As a long-term portainer + watchtower user, it was time to look for a solution that didn't only incorporate both, but also looks neat on phones, works with podman (not that I'm using it.. yet at home!) and the visual upgrade! Also, the general way you develop and interact with the community is something I just wanted to thank you for!

The reason I made this issue is that, as a (lazy) Linux admin, I deployed hawser and didn't bother with setting up a token. However, after a day or so I noticed I had a crypto-miner on my NAS and was wondering how. I did a fresh reinstall and only ran 3 containers, hawser, qbitorrent and autobrr, and just a few hours ago I noticed in dockhand that I had the exact same one again!

I'm super happy to have dockhand as I probably wouldn't have ever noticed it, and that's without alerting! But the only entry they would've had was through qbitorrent. I noticed my docker engine is 9 months out of support and the NAS OS discourages using apt to update packages.. Given that I didn't configure a token on hawser, I assume that everyone on my local network could request to make a container if they find that endpoint unauthenticated?

I've been rambling too much... So TLDR!
Would not configuring the TOKEN in the agent make everyone in the network be able to create containers, given that the socket is r/w?

If so, is it an idea to force users to use the token option? It is less user friendly, I know, but given the endpoint could do some harm, and users aren't always informed about the implications, it might be better for them in the end?

No matter the outcome, I'm ok with either outcome :) The option is always there to configure it or use edge!

Labels: enhancement (New feature or request)
