Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#89 closed defect (fixed)

Secure codebase for public access

Reported by: Peter Powers Owned by: Kevin Milner
Priority: major Milestone: OpenSHA 1.1
Component: sha Version:
Keywords: Cc:

Description

Remove any hardcoded username/pass combinations.

One option is to put any U/P in a textfile that is then added to cvsignore.

Change History (2)

comment:1 Changed 13 years ago by Kevin Milner

Resolution: fixed
Status: newclosed

I actually think that they've all been cleaned by now. Read only passwords are still included in the repository though.

Here are the passwords that I know of:

  • CyberShake? mysql db
    • Old password is now the read only password (still in SVN), read/write password isn't and never has been in repo
  • oracle fault DB
    • same as CyberShake?. All write access is via the servlet DB access, which had the pass info stored outside of SVN. read only pass IS stored in SVN
  • "user auth db" - an old mysql db from gravity.
    • the password is in the repo, but the mysql server is down for good. I'm not sure what this was used for anyway

know anything I'm missing? closing the ticket for now.

comment:2 Changed 13 years ago by Ned Field

I think we should open it if it's not too difficult, especially if we can keep track of how many different downloads there are. I always get annoyed by those smug a-holes that imply our present system isn't really open (which is really a matter of semantics).

Note: See TracTickets for help on using tickets.