Currently the main administrator user is hard-coded into the application. Even if I create another user with administrator privileges, I cannot rename or delete the existing one.
Why is this a problem?
Anyone that is familiar with Manager can brute-force entry to a database by testing thousands of passwords until they find one that works.
What is the solution?
If we can rename the username as well, it makes Manager even more secure because not only do they need to brute-force the password, but they need to guess what the administrator’s username is as well.
Even if we cannot delete the primary user, the ability to change the ‘username’ would solve this issue.
Currently it’s non-editable: