Re: [Koha-devel] SQL reports [error]
At 09:28 AM 4/30/2012 -0400, Chris Nighswonger wrote:
On Mon, Apr 30, 2012 at 9:27 AM, Chris Nighswonger <<mailto:cnighswonger@foundations.edu>cnighswonger@foundations.edu> wrote: On Mon, Apr 30, 2012 at 9:13 AM, Paul <<mailto:paul.a@aandc.org>paul.a@aandc.org> wrote:
Can anyone point me rapidly to the portion of script that I should have a look at?
Fair warning: Mung up at your own risk....
and
Chris, Many thanks, I'll see what I can do (after hours tonight.) Just wondering if a perl expert could suggest the code to add a "condition" to if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) { push @errors, {sqlerr => $1}; } along the lines of " unless username='paul' " I'm not too worried about the security risks for two reasons a) the script works as intended, and b) very few of our people actually have their permissions set to "Allow to access to the reports module." Best regards - Paul
Le 30/04/2012 16:21, Paul a écrit :
Chris,
Many thanks, I'll see what I can do (after hours tonight.) Just wondering if a perl expert could suggest the code to add a "condition" to if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) { push @errors, {sqlerr => $1}; }
along the lines of " unless username='paul' "
Question to all = could it be a good idea to let superlibrarians execute dangerous SQLs like the one forbidden by the test ? Otherwise asked: could we add a unless permission eq 'superlibrarian' condition ? ( ie: "with great power comes great responsibility" -@spiderman uncle- ) -- Paul POULAIN http://www.biblibre.com Expert en Logiciels Libres pour l'info-doc Tel : (33) 4 91 81 35 08
Paul, On Mon, Apr 30, 2012 at 11:17 AM, Paul Poulain <paul.poulain@biblibre.com>wrote:
Question to all = could it be a good idea to let superlibrarians execute dangerous SQLs like the one forbidden by the test ? Otherwise asked: could we add a unless permission eq 'superlibrarian' condition ?
( ie: "with great power comes great responsibility" -@spiderman uncle- )
We were actually just discussing that on #koha a few days ago. I argued that only the database user (i.e. user 0) should be allowed to do it. If you have the direct login, there's nothing you can't do with the system just by logging into the database. Regards, Jared -- Jared Camins-Esakov Bibliographer, C & P Bibliography Services, LLC (phone) +1 (917) 727-3445 (e-mail) jcamins@cpbibliography.com (web) http://www.cpbibliography.com/
Hi Paul, I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me. Katrin From: koha-devel-bounces@lists.koha-community.org [mailto:koha-devel-bounces@lists.koha-community.org] On Behalf Of Jared Camins-Esakov Sent: Monday, April 30, 2012 5:21 PM To: Paul Poulain Cc: koha-devel@lists.koha-community.org Subject: Re: [Koha-devel] SQL reports [error] Paul, On Mon, Apr 30, 2012 at 11:17 AM, Paul Poulain <paul.poulain@biblibre.com> wrote: Question to all = could it be a good idea to let superlibrarians execute dangerous SQLs like the one forbidden by the test ? Otherwise asked: could we add a unless permission eq 'superlibrarian' condition ? ( ie: "with great power comes great responsibility" -@spiderman uncle- ) We were actually just discussing that on #koha a few days ago. I argued that only the database user (i.e. user 0) should be allowed to do it. If you have the direct login, there's nothing you can't do with the system just by logging into the database. Regards, Jared -- Jared Camins-Esakov Bibliographer, C & P Bibliography Services, LLC (phone) +1 (917) 727-3445 (e-mail) jcamins@cpbibliography.com (web) http://www.cpbibliography.com/
I agree with Katrin; this is a very risky proposition and probably shouldn't be added to the Koha codebase. Not only is doing this securely hard, but it also makes the job of your system support specialist much harder (speaking as a former professional Koha support guy here). If you're in a situation where you cannot access MySQL directly, then there is a strong chance someone else is administrating the database (or entire Koha installation) for you. Making database-level changes through the GUI could result in massive damage to your data, and seriously ruin the day of your sysadmin. If you need to make these changes, I'd run it by whoever is responsible for the server, and hopefully they can help you do it in a safe/sane way. If you yourself are the administrator of the server, then you should be able to do this kind of work against MySQL directly, so adding a GUI-level interface would be unnecessary. -Ian On Mon, Apr 30, 2012 at 11:44, Fischer, Katrin <Katrin.Fischer@bsz-bw.de>wrote:
Hi Paul,****
** **
I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me.****
** **
Katrin****
** **
*From:* koha-devel-bounces@lists.koha-community.org [mailto: koha-devel-bounces@lists.koha-community.org] *On Behalf Of *Jared Camins-Esakov *Sent:* Monday, April 30, 2012 5:21 PM *To:* Paul Poulain *Cc:* koha-devel@lists.koha-community.org *Subject:* Re: [Koha-devel] SQL reports [error]****
** **
Paul,****
** **
** **
On Mon, Apr 30, 2012 at 11:17 AM, Paul Poulain <paul.poulain@biblibre.com> wrote:****
Question to all = could it be a good idea to let superlibrarians execute dangerous SQLs like the one forbidden by the test ? Otherwise asked: could we add a unless permission eq 'superlibrarian' condition ?
( ie: "with great power comes great responsibility" -@spiderman uncle- )** **
** **
We were actually just discussing that on #koha a few days ago. I argued that only the database user (i.e. user 0) should be allowed to do it. If you have the direct login, there's nothing you can't do with the system just by logging into the database.****
** **
Regards,****
Jared ****
** **
-- Jared Camins-Esakov****
Bibliographer, C & P Bibliography Services, LLC****
(phone) +1 (917) 727-3445****
(e-mail) jcamins@cpbibliography.com****
(web) http://www.cpbibliography.com/****
** **
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
On Mon, Apr 30, 2012 at 11:44 AM, Fischer, Katrin <Katrin.Fischer@bsz-bw.de>wrote:
Hi Paul,****
** **
I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me.****
**
I tend to agree with Katrin here. I wonder if there is not even a better way to handle the installer so that the db user does not have to log into the interface at all? Kind Regards, Chris
Yes! I have a proposal for possible changes to the web installer at http://wiki.koha-community.org/wiki/Rfc_3.10_webinstaller_improvements - which includes the possibility to remove the ability of the db user to log in at all and force creation of a new admin superlibrarian at install time. lrea@nekls.org On Apr 30, 2012, at 10:59 AM, Chris Nighswonger wrote:
On Mon, Apr 30, 2012 at 11:44 AM, Fischer, Katrin <Katrin.Fischer@bsz-bw.de> wrote: Hi Paul,
I really don’t like the idea. I think if you want someone to make changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me.
I tend to agree with Katrin here.
I wonder if there is not even a better way to handle the installer so that the db user does not have to log into the interface at all?
Kind Regards, Chris _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
Liz, 2012/4/30 Liz Rea <lrea@nekls.org>
Yes! I have a proposal for possible changes to the web installer at http://wiki.koha-community.org/wiki/Rfc_3.10_webinstaller_improvements - which includes the possibility to remove the ability of the db user to log in at all and force creation of a new admin superlibrarian at install time.
Oh yes please, that looks amazing! Regards, Jared -- Jared Camins-Esakov Bibliographer, C & P Bibliography Services, LLC (phone) +1 (917) 727-3445 (e-mail) jcamins@cpbibliography.com (web) http://www.cpbibliography.com/
Le 30/04/2012 17:59, Chris Nighswonger a écrit :
On Mon, Apr 30, 2012 at 11:44 AM, Fischer, Katrin <Katrin.Fischer@bsz-bw.de <mailto:Katrin.Fischer@bsz-bw.de>> wrote:
I wonder if there is not even a better way to handle the installer so that the db user does not have to log into the interface at all?
YES, there is = the patch submitted for a new DB update handling (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7167) achieves that. I have to check that it still applies, and the patch must pass QA. (That will also fix sandbox not being very usefull when there is an updatedatabase, for the same reason = SQL login/password requested] -- Paul POULAIN http://www.biblibre.com Expert en Logiciels Libres pour l'info-doc Tel : (33) 4 91 81 35 08
On May 1, 2012 4:00 AM, "Chris Nighswonger" <cnighswonger@foundations.edu> wrote:
On Mon, Apr 30, 2012 at 11:44 AM, Fischer, Katrin <
Katrin.Fischer@bsz-bw.de> wrote:
Hi Paul,
I really don’t like the idea. I think if you want someone to make
changes to the database, you should give them a proper tool and training to do that (outside of Koha). The interface for statistics is very limited and does not give feedback when your SQL statements have errors or produce no result sets. Also it seems like a big security risk to me.
I tend to agree with Katrin here.
I also agree, and there are tools out there to do this, if you really want to enable arbitrary SQL from the web. Things like phpmyadmin you could install and use over the web instead. With MySQL users you give appropriate permissions to. Chris
participants (8)
-
Chris Cormack -
Chris Nighswonger -
Fischer, Katrin -
Ian Walls -
Jared Camins-Esakov -
Liz Rea -
Paul -
Paul Poulain