[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2019-02-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Katrin Fischer  changed:

   What|Removed |Added

 CC||katrin.fisc...@bsz-bw.de
 Status|In Discussion   |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #16 from Katrin Fischer  ---
We've stopped allowing the db user to log in - marking duplicate of the bug that
made it possible :)

*** This bug has been marked as a duplicate of bug 20489 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2018-01-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

 CC||indr...@l2c2.co.in

--- Comment #15 from Jonathan Druart ---
*** Bug 20071 has been marked as a duplicate of this bug. ***



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2016-03-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Blou  changed:

   What|Removed |Added

 Status|NEW |In Discussion

--- Comment #13 from Blou  ---
The patch does what I need, but would need two more things, I think:

1) Make that a preference.  To make it more acceptable to the people who don't
believe in security :)
1b) The preference should by default be ON, but hey, that's arguable.

2) Prevent the unlimited creation of superusers using that user. I think as soon
as there's one in the DB, the creation should be blocked.  After that, direct
access to the db is required if you forget your account.  Otherwise,
the door is as open as before.
2b) I got a bash script to create support accounts from the backend.  I'd be
happy to add it to a patch if wanted.

I'll sign the first patch off, because I think it's already a great move ahead.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2016-03-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Blou  changed:

   What|Removed |Added

 CC||eric.be...@inlibro.com, francois.charbonnier@inlibro.com



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2016-03-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

--- Comment #14 from Blou  ---
Created attachment 48788
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=48788&action=edit
[SIGNED-OFF] Bug 11590: Restrict the actions for the DB user

The DB user (the one defined in the KOHA_CONF file, section config)
should not be used to navigate into Koha.
It has been decided to leave it active to create the first user easily.
This patch suggests restricting as much as possible the actions for this
user. If logged in with this user, the administrator will only be able to
create the first user and that's all.
Automatically the new user created will be a superlibrarian.

Test plan:
1/ Use the DB user to log in to Koha.
2/ Make sure you are just able to go to the about and help pages.
On the main page, you are pleased to create a user.
3/ Click on the link to create a new user
4/ Fill the form and save
5/ You are redirected to the login page
6/ Use the new user credentials and confirm it has been created as a
superlibrarian.

Signed-off-by: Philippe Blouin 



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2016-03-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Blou  changed:

   What|Removed |Added

 CC||philippe.blo...@inlibro.com

--- Comment #11 from Blou  ---
I'd like to reply on Robin's comment.

Here, I see a serious need for this as a matter of managing security.  Let's just
call that the disgruntled employee scenario.  I have no need for it RIGHT NOW,
but as we plan for every possible outcome, to safeguard our customer's data or
maintaining 24/7 access, one of them is the I-QUIT-AND-DESTROY-ALL-YOUR-SH..
scenario.

So OK, I have my you-quit-I-lock-out-your-account.  But changing a database
password is a pain, always with some unforeseen consequences (yeah, I should
plan those too).  You try to not have to do it.  Life is just simpler that
way... Also, that's very hard to automate, or do manually through 100
databases.

SO, why give a user through a very easy to use UI, very easy to remember staff
url, an Uber-Access to all that is sacred in our business ?

Anyway, too long text.  We can argue about my failures as a security manager,
but I reserve the right to argue that this direct access to the system should
be blockable.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2016-03-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Blou  changed:

   What|Removed |Added

  Attachment #40963 is obsolete|1   |0

--- Comment #12 from Blou  ---
Comment on attachment 40963
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=40963
Bug 11590: Restrict the actions for the DB user

I'd like to test this.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-12-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

 Status|ASSIGNED|NEW



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-12-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #40963 is obsolete|0   |1



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-12-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

   Assignee|jonathan.dru...@bugs.koha-community.org |koha-b...@lists.koha-community.org
 Status|Needs Signoff   |ASSIGNED



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-09-03 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Zeno Tajoli  changed:

   What|Removed |Added

   Patch complexity|--- |Small patch



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-20 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Marcel de Rooy  changed:

   What|Removed |Added

   See Also||http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9164
 CC||m.de.r...@rijksmuseum.nl



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Robin Sheat  changed:

   What|Removed |Added

   Severity|major   |enhancement

--- Comment #10 from Robin Sheat  ---
...and there is no circumstance where this is of major importance.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

--- Comment #9 from Robin Sheat  ---
It'd be nice to have a koha-conf.xml or environment override. In dev
environments, I'm grabbing databases and loading them in, and in prod
environments I'm often needing to go in and get to the settings without having
a login handy.

(Personally, I think that it's trying to solve a problem that doesn't need to
be solved, but that's just me.)



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-13 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

 Status|ASSIGNED|Needs Signoff



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-13 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #24595 is obsolete|0   |1

--- Comment #8 from Jonathan Druart ---
Created attachment 40963
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=40963&action=edit
Bug 11590: Restrict the actions for the DB user

The DB user (the one defined in the KOHA_CONF file, section config)
should not be used to navigate into Koha.
It has been decided to leave it active to create the first user easily.
This patch suggests restricting as much as possible the actions for this
user. If logged in with this user, the administrator will only be able to
create the first user and that's all.
Automatically the new user created will be a superlibrarian.

Test plan:
1/ Use the DB user to log in to Koha.
2/ Make sure you are just able to go to the about and help pages.
On the main page, you are pleased to create a user.
3/ Click on the link to create a new user
4/ Fill the form and save
5/ You are redirected to the login page
6/ Use the new user credentials and confirm it has been created as a
superlibrarian.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-13 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

 Status|In Discussion   |ASSIGNED
   Assignee|k...@bywatersolutions.com   |jonathan.dru...@bugs.koha-community.org
 CC||jonathan.dru...@bugs.koha-community.org
Summary|Librarian able to checkout item without setting branch first |Restrict the actions for the DB user

--- Comment #7 from Jonathan Druart ---
Since we already agreed not to use the DB user to navigate into Koha, I am
stealing this bug report to submit a patch to restrict the actions of this
user.



[Koha-bugs] [Bug 11590] Restrict the actions for the DB user

2015-07-13 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590

Jonathan Druart  changed:

   What|Removed |Added

   Severity|critical|major
