robkooper / pecantest


load.bety.sh should not import Administrator privileges #4

Closed betydb closed 10 years ago

betydb commented 10 years ago

Redmine : https://ebi-forecast.igb.illinois.edu/redmine/issues/2191 Creator : !mdietze Created : 2014-06-10T13:30:22Z


Right now the DB sync coming out of ebi-forecast is exporting the "carya" user with Admin permissions. If I change those permissions on the BU cluster, then as soon as the next sync occurs these permissions reset, since the user is dropped and reloaded.

This means two bad things: 1) anyone can log in to the BU Bety as an administrator (since the carya username and password are well documented with the VM demo); 2) even if we fix 'carya' specifically on the export, someone could always hijack admin access to one of the PEcAn servers by submitting a sync that has admin permissions. Therefore, I propose that the load.bety.sh function should be modified to strip permissions back to the basics. Also, by putting it in load, VM users can always use update.psql.sh to grab the full dump and still have the 'carya' admin user.

Having just discovered this vulnerability, I'd really like to get it fixed ASAP.

robkooper commented 10 years ago

Date : 2014-06-10T14:26:10Z


Only create admin account when loading bety and mysite=99 (i.e. on the VM). This will no longer convert account 1 to admin. By default all accounts are disabled.

robkooper commented 10 years ago

Date : 2014-06-17T15:58:25Z


The latest version of the load.bety.sh script will only make user 1 be carya and admin if the database is imported on a VM (i.e. mysite=99); otherwise user 1 will be like all other users, with an unusable password, page_access_level=3 and access_level=4.
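
The behaviour described in this thread, modelled as an added example that is not part of the thread and not the project's load.bety.sh: privileges in an incoming dump are never trusted, and the demo admin is restored only when mysite=99. It uses an in-memory SQLite table in place of the PostgreSQL database; the `login` and `crypted_password` column names, the admin level values (1, 1), the `"!"` unusable-password marker and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

VM_SITE = 99      # mysite value that marks the demo VM (from the thread)
BASIC = (4, 3)    # (access_level, page_access_level) named in the thread
ADMIN = (1, 1)    # assumed admin values, not stated in the thread
UNUSABLE = "!"    # assumed marker that no stored password hash can equal


def new_db():
    """Create an empty users table (hypothetical, simplified schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT,"
               " crypted_password TEXT, access_level INTEGER,"
               " page_access_level INTEGER)")
    return db


def load_users(db, dumped_rows, mysite):
    """Drop and reload users from a sync dump, ignoring the dump's privileges."""
    db.execute("DELETE FROM users")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", dumped_rows)
    # Strip every imported account back to the basics, whatever the dump says.
    db.execute("UPDATE users SET crypted_password = ?, access_level = ?,"
               " page_access_level = ?", (UNUSABLE, *BASIC))
    if mysite == VM_SITE:
        # Only the VM gets the documented demo admin back on user 1.
        db.execute("UPDATE users SET login = 'carya', crypted_password = ?,"
                   " access_level = ?, page_access_level = ? WHERE id = 1",
                   ("<demo-hash-placeholder>", *ADMIN))
    db.commit()
    return db.execute("SELECT * FROM users ORDER BY id").fetchall()


# Constructed dump: user 1 exported as admin, user 7 a second admin row
# submitted through a sync, user 9 an ordinary account.
DUMP = [(1, "carya", "hash-a", 1, 1),
        (7, "mallory", "hash-b", 1, 1),
        (9, "alice", "hash-c", 4, 3)]

if __name__ == "__main__":
    for site in (1, VM_SITE):
        print("mysite =", site)
        for row in load_users(new_db(), DUMP, site):
            print("  ", row)
```
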