[Maintain-dev] [JIRA] Updated: (MNT-1548) Updater security

Josh Schonstal (JIRA) jira at osuosl.org
Mon Mar 5 11:04:57 PST 2007


     [ http://bugs.osuosl.org/browse/MNT-1548?page=history ]

Josh Schonstal updated MNT-1548:
--------------------------------

    Comment: was deleted

> Updater security
> ----------------
>
>          Key: MNT-1548
>          URL: http://bugs.osuosl.org/browse/MNT-1548
>      Project: Maintain
>         Type: Task
>   Components: Frontend/Web Interface, Modules
>     Versions: 3.0, 3.0.0-RC1
>     Reporter: Frederic Wenzel
>     Assignee: Josh Schonstal
>     Priority: Urgent

>
>
> Maintain's updating procedure needs to be made more secure.
> - setup_user_environment() should check if MAINTAIN_DB_VERSION is the actual db version match, kick all users out if not.
> - change the backend accordingly (don't run build scripts if your db is not up to date)
> - Show people a login screen mentioning that Maintain is currently being upgraded and they should check back later
> - only allow full admin login there
> - on login, forward the full admin to the Maintain installer

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



More information about the Maintain-dev mailing list