Key vulnerability information

Hard-Coded Credentials - The plugin uses a list of username/password accounts that are hard-coded into the plugin configuration.

Insecure Password Storage - Passwords are stored as hashes, but the plugin documentation shows how to create and configure these hashes, which could potentially be misused if not done securely.

Environment Variables for Password Hashes - Password hashes are specified in environment variables when running Datasette, which could be risky if the environment variables are not properly secured.

HTTP Basic Authentication Option - The plugin can be configured to use HTTP Basic authentication, which might be less secure than the default HTML form-based login due to the vulnerabilities.

Demo Configuration Vulnerability - The demo setup uses a well-known username ( ) and password ( ), which could be exploited if a similar configuration is used in production environments.

`root` `password!`, if adopted in a production environment, would pose a direct security risk.