Home
Welcome to the openfoodfacts-infrastructure wiki!
Here we list good practices or policies that should be used on our infrastructure.
When communicating an account/password, please do use two different channels to do so. Example: the account name by email, and the password via Slack.
Every user of any kind of service should change his password if given by someone else.
The use of SSH keys to connect a server lower security risks, and is also more convenient both for users and sysadmins:
- no password exchanged
- sysadmin can give access based on published public keys; Github, for example, show its users public keys: https://github.com/CharlesNepote.keys
- giving access to a server is simple and secure:
curl https://github.com/CharlesNepote.keys | tee -a /home/charles/.ssh/authorized_keys
- giving access to a server is simple and secure:
The SUDO usage require to have a password for each user, even if the user uses SSH keys.
Source: https://xkcd.com/149/