Enhance security documentation: add password generation instructions and reduce default credential exposure

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>

examples/CONFIGURATION_SCREENSHOT_GUIDE.md

@@ -29,10 +29,17 @@ Your `mcp_settings.json` should look like this:
 }
 ```
 
-**Security Note:** The `password` field should contain a bcrypt hash. For the default admin password (`admin123`), use:
-`$2b$10$Vt7krIvjNgyN67LXqly0uOcTpN0LI55cYRbcKC71pUDAP0nJ7RPa.`
+**Security Note:** The `password` field must contain a bcrypt hash, not plain text. 
 
-**⚠️ IMPORTANT:** Always change the default admin password in production!
+**To generate a bcrypt hash:**
+```bash
+node -e "console.log(require('bcrypt').hashSync('your-password', 10))"
+```
+
+**⚠️ CRITICAL SECURITY:** 
+- Never use default credentials in production
+- Always change the admin password before deploying
+- Store password hashes, never plain text passwords
 
 ## 📁 File Structure
 

examples/QUICK_START_JIRA.md

@@ -83,7 +83,10 @@ pnpm dev
 ### Step 6: Verify Connection (30 seconds)
 
 1. Open http://localhost:3000
-2. Login: `admin` / `admin123` (**⚠️ Change this password in production!**)
+2. Login with default credentials (see [README_ATLASSIAN_JIRA.md](./README_ATLASSIAN_JIRA.md#verification) for credentials)
+   
+   **⚠️ CRITICAL:** Immediately change the admin password through dashboard Settings → Users
+   
 3. Check dashboard - you should see "jira" server as "Connected" ✅
 
 ## 🎉 That's It!

examples/README.md

@@ -179,7 +179,7 @@ docker run --env-file .env.production ...
 
 | Symptom | Likely Cause | Quick Fix |
 |---------|--------------|-----------|
-| "uvx command not found" | UV not installed | Install UV: `curl -LsSf https://astral.sh/uv/install.sh \| sh` |
+| "uvx command not found" | UV not installed | Install UV: `curl -LsSf https://astral.sh/uv/install.sh | sh` |
 | "401 Unauthorized" | Wrong API token | Regenerate token at Atlassian settings |
 | Server "Disconnected" | Missing env vars | Check `.env` file exists and has values |
 | "Downloading cryptography" errors | Network/Python issue | Wait and retry, check internet connection |

examples/README_ATLASSIAN_JIRA.md

@@ -191,7 +191,14 @@ After starting MCPHub:
 1. Open `http://localhost:3000` in your browser
 2. Log in with default credentials: `admin` / `admin123`
    
-   **⚠️ SECURITY WARNING:** Change the default admin password immediately in production! The default password is only for initial setup and testing.
+   **⚠️ SECURITY WARNING:** Change the default admin password immediately in production! 
+   
+   **To change the password:**
+   - Option 1: Use the dashboard after logging in (Settings → Users → Change Password)
+   - Option 2: Generate a bcrypt hash and update `mcp_settings.json`:
+     ```bash
+     node -e "console.log(require('bcrypt').hashSync('your-new-password', 10))"
+     ```
    
 3. Check the dashboard to see if the Atlassian server is connected
 4. Look for the server status - it should show as "Connected" or "Running"

examples/mcp_settings_atlassian_jira.json

@@ -14,6 +14,7 @@
   "users": [
     {
       "username": "admin",
+      "_comment": "Password must be a bcrypt hash. Generate with: node -e \"console.log(require('bcrypt').hashSync('your-password', 10))\"",
       "password": "${ADMIN_PASSWORD_HASH}",
       "isAdmin": true
     }