Mercurial > gemma
comparison schema/roles.sql @ 478:3af7ca761f6a
Purge password reset role
The risk of SQL-injections and thus privilege escalation
via the metamorphic user was estimated not high enough to
justify the extra role. Thus, bring database back in line
with rev. ffdb507d5b42 and re-enable password reset.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 23 Aug 2018 16:41:44 +0200 |
parents | 5611cf72cc92 |
children | 6590208e3ee1 |
comparison
equal
deleted
inserted
replaced
477:00b52d653039 | 478:3af7ca761f6a |
---|---|
7 | 7 |
8 -- | 8 -- |
9 -- Special roles | 9 -- Special roles |
10 -- | 10 -- |
11 | 11 |
12 -- A role that is intended to be used for password reset only | |
13 CREATE ROLE pw_reset; | |
14 | |
15 -- A role that is intended to be used for backend- or | 12 -- A role that is intended to be used for backend- or |
16 -- GeoServer-connections on which SET ROLE has to be used to | 13 -- GeoServer-connections on which SET ROLE has to be used to |
17 -- gain privileges of a specific role | 14 -- gain privileges of a specific role |
18 CREATE ROLE metamorph NOINHERIT; | 15 CREATE ROLE metamorph NOINHERIT; |