At 06:48 PM 1/22/2013 -0500, Jared Camins-Esakov wrote:
Paul,

This bug was signed off a few weeks ago, and is designed to produce a "warning" in the "About" page covering staff use of Koha (not sure if this covers all flag settings down from superlibrarian or if it applies to 3.8 as well as 3.10?) logging in as either "root", "admin (mysql) account" or "database administrative user." I seem to remember (but could be wrong) that after a new 3.8 install, Koha created a "new user", number 0, which was problematic and as far as I can tell exhibited the signs that the warning covers (I have tried to read all details in bugs 8641, 8262 and 9008 plus some references to IRC.)

You are. User "0" is the database administrative user. Do not use it for anything other than initial installation and upgrades. Ever.

Thanks Jared. I'm glad that my memory didn't fail me :) and that I never use it. But I'm still interested in the "warning" - particularly as you mention that it should be used for upgrades.

As far as I can see (using getent passwd | cut -d : -f 1 | xargs groups) there is no problem with *system* security. Also, User "0" does not appear in the MySQL 'borrowers' table. So why is it possible to log in with the "warned against" credentials? How should it be used during upgrades?

It also is possible to create a superlibrarian with User "koha" credentials; limited testing in my sandbox has not [yet!] shown any side effects, except that User "0" can no longer log in (demonstrated by the fact that "Library" is set.)

Best - Paul
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

---
Maritime heritage and history, preservation and conservation,
research and education through the written word and the arts.
<http://NavalMarineArchive.com> and <http://UltraMarine.ca>