Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0004625 | Openbravo ERP | C. Security | public | 2008-08-14 10:50 | 2024-03-14 16:48 |
|
| Reporter | villind | |
| Assigned To | iciordia | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | out of date | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.40beta | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0004625: Created postgresql database user has too much permissions. |
| Description | Created postgresql user has superuser permissions. This means that openbravo can see and modify all other databases on postgresql server.
|
| Steps To Reproduce | ant install.source |
| Proposed Solution | - Remove superuser permission.
- Remove permission to update pg_catalog
See the attached patch. |
| Additional Information | |
| Tags | ReleaseCandidate |
| Relationships | | depends on | feature request | 0003392 | pi | acknowledged | rmorley | Rewrite all procedures that drop/disble DB constraints | | Not all the children of this issue are yet resolved or closed. |
|
| Attached Files |  openbravo_postgresql_nosuperuser_permission.diff (605) 2008-08-14 10:50
https://issues.openbravo.com/file_download.php?file_id=208&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2008-08-14 10:50 | villind | New Issue | |
| 2008-08-14 10:50 | villind | Assigned To | => cromero |
| 2008-08-14 10:50 | villind | sf_bug_id | 0 => 2051075 |
| 2008-08-14 10:50 | villind | File Added: openbravo_postgresql_nosuperuser_permission.diff | |
| 2008-08-14 10:50 | villind | Regression testing | => No |
| 2008-11-10 13:10 | cromero | Assigned To | cromero => pjuvara |
| 2008-11-16 18:43 | pjuvara | Status | new => acknowledged |
| 2008-11-16 18:43 | pjuvara | Tag Attached: POS 2.30 Candidate | |
| 2008-11-16 18:43 | pjuvara | Tag Attached: ReleaseCandidate | |
| 2008-11-16 18:43 | pjuvara | Tag Detached: POS 2.30 Candidate | |
| 2008-11-16 18:43 | pjuvara | Relationship added | depends on 0003392 |
| 2009-05-22 19:36 | pjuvara | Assigned To | pjuvara => iciordia |
| 2024-03-14 16:48 | shuehner | Status | acknowledged => scheduled |
| 2024-03-14 16:48 | shuehner | Note Added: 0162192 | |
| 2024-03-14 16:48 | shuehner | Status | scheduled => closed |
| 2024-03-14 16:48 | shuehner | Resolution | open => out of date |