Separating database read only user and update user

stefanneuhaus / dependencycheck-central-mysql-docker

Self-updating OWASP DependencyCheck Database Server :book:

https://hub.docker.com/r/stefanneuhaus/dependencycheck-central-mysql/

Apache License 2.0

15 stars 9 forks source link

Separating database read only user and update user #3

Closed amandel closed 5 years ago

amandel commented 6 years ago

Thanks for this container. Since the database is and should only be updated inside the container it is possible to use a internal database user e.g. dc_update to do the database updates and leave the dc user with read only permissions. The password of the database user dc_update and root could be generated randomly and kept inside the container (or set via environment variable). It should then be possible to set the password of the dc database user via environment variable.

What do you think?

stefanneuhaus commented 6 years ago

To me this sounds like a very valuable feature.

Not sure, when I'll find the time to implement this. But of course pull requests are appreciated.

stefanneuhaus commented 5 years ago

For the record:

The MYSQL "root" user has only access from localhost. Its password will be created randomly during docker image creation and is stored in a file named /dependencycheck/root.pwd.
The user "dc-update" will be used internally for the automatic updating of the database. It can only connect from within the container. Its password will be created randomly during docker image creation and is stored in a file named /dependencycheck/dc-update.pwd.
The user "dc" is to be used for dependency-check clients for querying the database. It has read-only access. Its password is "dc".