[bogomipblips]

Just from looking right now, I'm a bit puzzled by being told right away that it has all open APIs in a warning in the install guide. Would I really want to tell someone to try starting something for our security that is an immediate attack vector?

[vinckr]

if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."

[bogomipblips]

Since docker/k8s I've started to encounter containers that just start with a default user and no password. The Cuckoo's Egg was published in 1989. Choose a random password if you don't have one and print it to the console.