Hi,

My 2 cents are as follows:

1. What is the purpose of the operator user? (From how I understand it, oper can do everything but add, modify and remove users.) If the admin password is opened to the oper user, this effectively removes the distinction, because the operator can now log in as the admin user and make this modification. If there is a risk, it would be in the fact that the operator can dump the database to get the password (which in my opinion should be restricted, but just my opinion).

2. The administrative password should probably be encrypted in the database. This will prevent anyone from getting access to it without having to do a lot of computational work.

Side question: in the traffic control documentation the ort runs with the following: admin:password. What is the user level requirement for the ort script to run correctly? (Must it be admin? Hoping it can be some low privileged operator user that can update that the system has been updated...)

Jeff

On Fri, Mar 17, 2017 at 6:14 PM, Jeremy Mitchell <[email protected]> wrote:

> Seems ok to me.
>
> Jeremy
>
> On Thu, Mar 16, 2017 at 10:04 AM, Gelinas, Derek <[email protected]> wrote:
>
> > Currently secure parameters are restricted to admin level access. I
> > propose that we expand this to operations level access. Operations already
> > have access to the DB dumps, so already basically have access to these
> > values. I’d like to know if there are any objections or thoughts on this.
> >
> > Derek
> >
> > Derek Gelinas
> > IPCDN Engineering
> > [email protected]
> > 603.812.5379
