[Koha-bugs] [Bug 11590] Restrict the actions for the DB user
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 8 15:59:59 CET 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11590
Blou <philippe.blouin at inlibro.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |In Discussion
--- Comment #13 from Blou <philippe.blouin at inlibro.com> ---
The patch does what I need, but would need two more things, I think:
1) Make that a preference. To make it more acceptable to the people who don't
believe in security :)
1b) The preference should by default be ON, but hey, that's arguable.
2) Prevent the unlimited creation of superuser using that user. I think as soon
as there's one in the DB, the creation should be blocked. After that, an
access directly to the db is required if you forget your account. Otherwise,
the door is as open as before.
2b) I got a bash script to create support accounts from the backend. I'd be
happy to add it to a patch if wanted.
I'll sign the first patch off, because I think it's already a great move ahead.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list