[Maintain-dev] [JIRA] Updated: (MNT-1548) Updater security
Frederic Wenzel (JIRA)
jira at osuosl.org
Wed Aug 16 13:13:16 PDT 2006
[ http://bugs.osuosl.org/browse/MNT-1548?page=history ]
Frederic Wenzel updated MNT-1548:
---------------------------------
Summary: Updater security (was: User Access Levels)
Description:
Maintain's updating procedure needs to be made more secure.
- setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
- change the backend accordingly (don't run build scripts if your db is not up to date)
- Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
- only allow full admin login there
- on login, forward the full admin to the Maintain installer
was:
Maintain's user access levels have to be enhanced.
- setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
- change the backend accordingly (don't run build scripts if your db is not up to date)
- Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
- only allow full admin login there
- on login, forward the full admin to the Maintain installer
> Updater security
> ----------------
>
> Key: MNT-1548
> URL: http://bugs.osuosl.org/browse/MNT-1548
> Project: Maintain
> Type: Task
> Components: Frontend/Web Interface, Modules
> Versions: 3.0, 3.0.0-RC1
> Reporter: Frederic Wenzel
> Assignee: Michael Clay
> Priority: Urgent
>
>
> Maintain's updating procedure needs to be made more secure.
> - setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
> - change the backend accordingly (don't run build scripts if your db is not up to date)
> - Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
> - only allow full admin login there
> - on login, forward the full admin to the Maintain installer
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
More information about the Maintain-dev
mailing list