[Maintain-dev] [JIRA] Commented: (MNT-1548) Updater security
Frederic Wenzel (JIRA)
jira at osuosl.org
Wed Aug 23 11:47:38 PDT 2006
[ http://bugs.osuosl.org/browse/MNT-1548?page=comments#action_11144 ]
Frederic Wenzel commented on MNT-1548:
--------------------------------------
Backend does not execute anymore when an update is necessary first.
> Updater security
> ----------------
>
> Key: MNT-1548
> URL: http://bugs.osuosl.org/browse/MNT-1548
> Project: Maintain
> Type: Task
> Components: Frontend/Web Interface, Modules
> Versions: 3.0, 3.0.0-RC1
> Reporter: Frederic Wenzel
> Assignee: Michael Clay
> Priority: Urgent
>
>
> Maintain's updating procedure needs to be made more secure.
> - setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
> - change the backend accordingly (don't run build scripts if your db is not up to date)
> - Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
> - only allow full admin login there
> - on login, forward the full admin to the Maintain installer
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
More information about the Maintain-dev
mailing list