[Maintain-dev] [JIRA] Commented: (MNT-1548) Updater security

de (JIRA) jira at osuosl.org
Sat Mar 3 09:21:43 PST 2007


     [ http://bugs.osuosl.org/browse/MNT-1548?page=comments#action_11280 ]
     
de commented on MNT-1548:
-------------------------


> Updater security
> ----------------
>
>          Key: MNT-1548
>          URL: http://bugs.osuosl.org/browse/MNT-1548
>      Project: Maintain
>         Type: Task
>   Components: Frontend/Web Interface, Modules
>     Versions: 3.0, 3.0.0-RC1
>     Reporter: Frederic Wenzel
>     Assignee: Josh Schonstal
>     Priority: Urgent

>
>
> Maintain's updating procedure needs to be made more secure.
> - setup_user_environment() should check whether MAINTAIN_DB_VERSION matches the actual db version, and kick all users out if not.
> - change the backend accordingly (don't run build scripts if your db is not up to date)
> - Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
> - only allow full admin login there
> - on login, forward the full admin to the Maintain installer

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira
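
The upgrade gate described in the ticket, as an added sketch that is not part of the original message and is not Maintain's own code. Only setup_user_environment() and MAINTAIN_DB_VERSION come from the ticket; the other names, the session model, the page names and the version value are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed value: the schema version this code release expects.
MAINTAIN_DB_VERSION = "3.0"

@dataclass
class User:
    name: str
    full_admin: bool = False

class UpgradeInProgress(Exception):
    """Code and database schema versions disagree."""

def db_is_current(actual_db_version):
    # Fail closed: a missing or unreadable version counts as a mismatch.
    return actual_db_version is not None and actual_db_version == MAINTAIN_DB_VERSION

def setup_user_environment(name, actual_db_version, sessions):
    """Per-request gate; sessions maps user name -> 'normal' or 'upgrade'."""
    if db_is_current(actual_db_version):
        return "dashboard" if name in sessions else "login"
    # Mismatch: kick out every session not created through the upgrade login.
    for stale in [n for n, kind in sessions.items() if kind != "upgrade"]:
        del sessions[stale]
    return "installer" if name in sessions else "upgrade_login"

def login(user, actual_db_version, sessions):
    """Runs after the password check (not shown) has succeeded."""
    if db_is_current(actual_db_version):
        sessions[user.name] = "normal"
        return "dashboard"
    if not user.full_admin:
        return "upgrade_login"  # refused: only full admins during an upgrade
    sessions[user.name] = "upgrade"
    return "installer"

def run_build_scripts(actual_db_version):
    """Backend side: never build from a database that is not up to date."""
    if not db_is_current(actual_db_version):
        raise UpgradeInProgress("database version mismatch, build refused")
    return "built"
```

Sessions that existed before the mismatch are dropped even for full admins, so the only way back in during an upgrade is the restricted login.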


