diff schema/install-db.sh @ 478:3af7ca761f6a
Purge password reset role
The risk of SQL-injections and thus privilege escalation
via the metamorphic user was estimated not high enough to
justify the extra role. Thus, bring database back in line
with rev. ffdb507d5b42 and re-enable password reset.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 23 Aug 2018 16:41:44 +0200 |
parents | 638371a0e557 |
children | ad07846b09d1 |
--- a/schema/install-db.sh Thu Aug 23 16:18:07 2018 +0200
+++ b/schema/install-db.sh Thu Aug 23 16:41:44 2018 +0200
@@ -17,8 +17,6 @@
 -D, --demo also install demo accounts and data
 --adminpw set the password to use for the "sysadmin" account.
 Default is a random password.
- --servicepw set the password to use for the "gemma_service" account.
- Default is a random password.
 --metapw set the password to use for the "meta_login" account.
 Default is a random password.
 --drop drop database and all roles
@@ -47,13 +45,12 @@
 demo=0
 drop=0
 adminpw=`genpw 15`
-servicepw=`genpw 15`
 metapw=`genpw 15`
 # Parse options:
 OPTS=`getopt \
- -l help,demo,db:,port:,drop,adminpw:,servicepw:,metapw: \
+ -l help,demo,db:,port:,drop,adminpw:,metapw: \
 -o Dd:p: -n "$ME" -- "$@"`
 [ $? -eq 0 ] || { usage ; exit 1 ; }
@@ -73,10 +70,6 @@
 adminpw="$2"
 shift 2
 ;;
- --servicepw)
- servicepw="$2"
- shift 2
- ;;
 --metapw)
 metapw="$2"
 shift 2
@@ -114,7 +107,7 @@
 # setup initial login roles with given passwords:
 psql -qt -p "$port" -d "$db" \
- -v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw" \
+ -v adminpw="$adminpw" -v metapw="$metapw" \
 -f "$BASEDIR/std_login_roles.sql"
 if [[ $demo -eq 1 ]] ; then
@@ -133,7 +126,7 @@
 if [[ $a == "yes" ]] ; then
 dropdb -p "$port" "$db"
 psql -p $port -A -t -c '\du' | awk -F '|' -v port=$port \
- '$1 "." $3 ~ /waterway_user|waterway_admin|sys_admin|pw_reset|metamorph/ \
+ '$1 "." $3 ~ /waterway_user|waterway_admin|sys_admin|metamorph/ \
 { system("dropuser -p " port " \"" $1 "\"") }'
 else
 echo "No harm done."
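Review bot: The rewritten line in the login-roles hunk (`@@ -114,7 +107,7 @@`), `-v adminpw="$adminpw" -v metapw="$metapw"`, still puts both passwords in psql's argument list, where other local accounts can read them from the process table while the command runs. The same exposure applies to the script's own `--adminpw` and `--metapw` options handled in the option-parsing hunks. On PostgreSQL 15 or later the values can travel in the environment instead, e.g. `adminpw="$adminpw" metapw="$metapw" psql -qt -p "$port" -d "$db" -f "$BASEDIR/std_login_roles.sql"` with `\getenv adminpw adminpw` and `\getenv metapw metapw` at the top of the SQL file; on older versions, `\set` lines fed on standard input serve the same purpose. `std_login_roles.sql` is not part of this diff, so how it consumes the variables should be checked before changing the call.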
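Review bot: In the `--drop` hunk (`@@ -133,7 +126,7 @@`) role names read from `\du` are pasted into a shell command by `system("dropuser -p " port " \"" $1 "\"")`, so a role name containing `"`, `$` or a backtick is interpreted by the shell under the account running this script. Letting awk only print the name and handing it to `dropuser` as a single quoted argument removes that path. The edited pattern is also unanchored and is matched against the name plus the member-of column, so any role in the cluster whose name or memberships merely contain one of these strings is dropped. It would be safer to anchor it, or at least to add a comment stating that this is intended. `$port` is unquoted in `psql -p $port` and `-v port=$port`. The enclosing `if` starts and ends outside the hunk.

```shell
    # role names are only printed by awk and reach dropuser as one argument
    psql -p "$port" -A -t -c '\du' \
      | awk -F '|' \
          '$1 "." $3 ~ /waterway_user|waterway_admin|sys_admin|metamorph/ { print $1 }' \
      | while IFS= read -r role ; do
          dropuser -p "$port" -- "$role"
        done
```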