Project

General

Profile

Task #15524

Remove passwd.ini file from working environment.

Added by Anna Mazzacane over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Target version:
Start date:
02/13/2017
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:
Duration:

Description

This is very high priority. Vladimir has already an idea how to fix that with the need of a psssw for the DB. He will investigate in his own work environment if the procedure already used in ECL does work for POMS. If yes, he will propagate this fix to dev and make a hot fix to prod.

History

#1 Updated by Anna Mazzacane over 3 years ago

  • Target version set to v2_0_0

#2 Updated by Vladimir Podstavkov over 3 years ago

  • Status changed from Assigned to Work in progress
  • % Done changed from 0 to 90
  • Estimated time set to 1.00 h

#3 Updated by Anna Mazzacane over 3 years ago

For now we keep the passwd.ini file but empty in devel,

then we will push the empty file in prod this Thursday

and then we will remove the passwd.ini file in the next POMS release.

#4 Updated by Tanya Levshina over 3 years ago

Could somebody provide more details about this fix? Does it mean if install code I will be able to write to a production database? Where is access controlled?

#5 Updated by Vladimir Podstavkov over 3 years ago

We removed password handling out of POMS application scope. It will not have password in the settings at all. The password handling will be done by the postgres library instead. I.e. password will be kept in the library predefined file (~/.pgpass) along with other connection details - host name, port number and account name. This file must have protection mode 600 otherwise it won't be used by the library. In this way the access to the file (and the password) is controlled by kerberos controlled access to the account.

#6 Updated by Vladimir Podstavkov over 3 years ago

  • Status changed from Work in progress to Resolved
  • % Done changed from 90 to 100

#7 Updated by Marc Mengel about 3 years ago

  • Status changed from Resolved to Closed


Also available in: Atom PDF