Databases without a password

By default, AdminNeo does not allow connecting to databases without a password. The reason is that if an attacker would be able to access the AdminNeo interface, the database will also be compromised.

If possible, set up the database server to require a password. If not (SQLite or SimpleDB):

Configure the default password

Default password can be defined by the defaultPasswordHash configuration parameter.

Add the parameter to the configuration in adminneo-config.php file:

<?php

return [
    // Inline the result of password_hash() so that the password is not visible in the source code.
    // password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)
    "defaultPasswordHash" => "$2y$12$iPiS7CrfImmfjfQU9YU4ZeGNXRu9NiszTPyMik/ZsrRAadlgs8r3G",
];

More information about the configuration.

Allow an empty password

Set defaultPasswordHash configuration parameter to an empty string in adminneo-config.php file:

<?php

return [
    "defaultPasswordHash" => "",
];

⚠️ Warning: Allow an empty password on your own risk and put other sufficient safety measures in place. You can use:

IpLoginPlugin to restrict login to given IP address.
OtpLoginPlugin to add time-based one-time password authentication to the login form.
ExternalLoginPlugin to authenticate a user by a custom method.

More information about the plugins.