[Maintain-dev] [JIRA] Updated: (MNT-1548) Updater security

Frederic Wenzel (JIRA) jira at osuosl.org
Wed Aug 16 13:13:16 PDT 2006 

     [ http://bugs.osuosl.org/browse/MNT-1548?page=history ]

Frederic Wenzel updated MNT-1548:
---------------------------------

        Summary: Updater security  (was: User Access Levels)
    Description: 
Maintain's updating procedure needs to be made more secure.

- setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
- change the backend accordingly (don't run build scripts if your db is not up to date)
- Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
- only allow full admin login there
- on login, forward the full admin to the Maintain installer


  was:
Maintain's user access levels have to be enhanced.

- setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
- change the backend accordingly (don't run build scripts if your db is not up to date)
- Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
- only allow full admin login there
- on login, forward the full admin to the Maintain installer



> Updater security
> ----------------
>
>          Key: MNT-1548
>          URL: http://bugs.osuosl.org/browse/MNT-1548
>      Project: Maintain
>         Type: Task
>   Components: Frontend/Web Interface, Modules
>     Versions: 3.0, 3.0.0-RC1
>     Reporter: Frederic Wenzel
>     Assignee: Michael Clay
>     Priority: Urgent

>
>
> Maintain's updating procedure needs to be made more secure.
> - setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
> - change the backend accordingly (don't run build scripts if your db is not up to date)
> - Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
> - only allow full admin login there
> - on login, forward the full admin to the Maintain installer

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira

More information about the Maintain-dev mailing list