This is about the current MySQL users/permissions system. Pros:
Current system provides a safety net against escalation of some security bugs in DOMjudge
Cons:
Doesn't prevent against imporant scenarios of exploitation (e.g. wouldn't prevent to read other team's source code, or seeing test cases)
Quite some code and administration needed to keep it all up to date.
Changing to another user system may dilute the current system even more;
Changing to another user system is much simpler when there's no mysql users to interfere with
Having one user would make Debian packages simpler
"Every other project has just one user"
We could make an exception or option for the judgehosts. They connect directly into MySQL, so you may want to make another user for that. But this is completely optional, so we can provide an example permission snippet for that for those that want to use it.
This is about the current MySQL users/permissions system. Pros:
We could make an exception or option for the judgehosts. They connect directly into MySQL, so you may want to make another user for that. But this is completely optional, so we can provide an example permission snippet for that for those that want to use it.