[Koha-devel] Bug 8641

Paul paul.a at aandc.org
Wed Jan 23 18:36:18 CET 2013


At 06:48 PM 1/22/2013 -0500, Jared Camins-Esakov wrote:
>Paul,
>This bug was signed off a few weeks ago, and is designed to produce a 
>"warning" in the "About" page covering staff use of Koha (not sure if this 
>covers all flag settings down from superlibrarian or if it applies to 3.8. 
>as well as 3.10?) logging in as either "root", "admin (mysql) account" or 
>"database administrative user."
>I seem to remember (but could be wrong) that after a new 3.8 install, Koha 
>created a "new user", number 0, which was problematic and as far as I can 
>tell exhibited the signs that the warning covers (I have tried to read all 
>details in bugs 8641, 8262 and 9008 plus some references to IRC.)
>You are. User "0" is the database administrative user. Do not use it for 
>anything other than initial installation and upgrades. Ever.

Thanks Jared. I'm glad that my memory didn't fail me :) and that I never 
use it. But I'm still interested in the "warning" - particularly as you 
mention that it should be used for upgrades.

As far as I can see (using getent passwd | cut -d : -f 1 | xargs groups) 
there is no problem with *system* security.  Also, User "0" does not appear 
in the MySQL 'borrowers' table.  So why is it possible to log in with the 
"warned against" credentials? How should it be used during upgrades?

It also is possible to create a superlibrarian with User "koha" 
credentials; limited testing in my sandbox has not [yet!] shown any side 
effects, except that User "0" can no longer log in (demonstrated by the 
fact that "Library" is set.)

Best - Paul

---
Maritime heritage and history, preservation and conservation,
research and education through the written word and the arts.
<http://NavalMarineArchive.com> and <http://UltraMarine.ca>