Mercurial > gemma
comparison schema/roles.sql @ 478:3af7ca761f6a
Purge password reset role
The risk of SQL-injections and thus privilege escalation
via the metamorphic user was estimated not high enough to
justify the extra role. Thus, bring database back in line
with rev. ffdb507d5b42 and re-enable password reset.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Thu, 23 Aug 2018 16:41:44 +0200 |
| parents | 5611cf72cc92 |
| children | 6590208e3ee1 |
comparison
equal
deleted
inserted
replaced
| 477:00b52d653039 | 478:3af7ca761f6a |
|---|---|
| 7 | 7 |
| 8 -- | 8 -- |
| 9 -- Special roles | 9 -- Special roles |
| 10 -- | 10 -- |
| 11 | 11 |
| 12 -- A role that is intended to be used for password reset only | |
| 13 CREATE ROLE pw_reset; | |
| 14 | |
| 15 -- A role that is intended to be used for backend- or | 12 -- A role that is intended to be used for backend- or |
| 16 -- GeoServer-connections on which SET ROLE has to be used to | 13 -- GeoServer-connections on which SET ROLE has to be used to |
| 17 -- gain privileges of a specific role | 14 -- gain privileges of a specific role |
| 18 CREATE ROLE metamorph NOINHERIT; | 15 CREATE ROLE metamorph NOINHERIT; |