I don't think so, since it seems the entire object is written by Hibernate update users set uid=$1, code=$2, created=$3, lastUpdated=$4, creatoruserid=$5, username=$6, password=$7, externalauth=$8, openid=$9, ldapid=$10, passwordLastUpdated=$11, lastLogin=$12, restoreToken=$13, restoreCode=$14, restoreExpiry=$15, selfRegistered=$16, invitation=$17, disabled=$18 where userid=$19
On Tue, May 24, 2016 at 10:44 AM, Morten Olav Hansen <mor...@dhis2.org> wrote: > Would it be possible to disregard updates on column password only? > > -- > Morten Olav Hansen > Senior Engineer, DHIS 2 > University of Oslo > http://www.dhis2.org > > On Tue, May 24, 2016 at 3:43 PM, Jason Pickering < > jason.p.picker...@gmail.com> wrote: > >> Someone who wishes to remain anonymous requested some useful logging. >> >> create or replace function cant_touch_this() returns trigger language >> plpgsql as $$ >> begin >> RAISE EXCEPTION 'Hammertime!'; >> return null; >> >> end $$; >> >> create trigger prevent_changing_password before update on users >> FOR EACH ROW >> execute procedure cant_touch_this(); >> >> >> >> On Tue, May 24, 2016 at 10:01 AM, Jason Pickering < >> jason.p.picker...@gmail.com> wrote: >> >>> I think this will work. Tested it locally >>> >>> create or replace function cant_touch_this() returns trigger language >>> plpgsql as $$ >>> begin >>> >>> return null; >>> >>> end $$; >>> >>> create trigger prevent_changing_password before update on users for each >>> row execute procedure cant_touch_this(); >>> >>> On Tue, May 24, 2016 at 9:39 AM, Morten Olav Hansen <mor...@dhis2.org> >>> wrote: >>> >>>> There are at least 4-5 different ways of doing it though... >>>> /api/userAccount, /api/me, any kind of user import etc... >>>> >>>> -- >>>> Morten Olav Hansen >>>> Senior Engineer, DHIS 2 >>>> University of Oslo >>>> http://www.dhis2.org >>>> >>>> On Tue, May 24, 2016 at 2:39 PM, Jason Pickering < >>>> jason.p.picker...@gmail.com> wrote: >>>> >>>>> That sounds like perhaps the best way to me. >>>>> >>>>> Just block POST to >>>>> >>>>> https://play.dhis2.org/dhis-web-commons-about/updateUserAccount.action >>>>> >>>>> and perhaps its API equivalent if it exists? >>>>> >>>>> Are there other ways? >>>>> >>>>> >>>>> On Tue, May 24, 2016 at 9:34 AM, Bob Jolliffe <bobjolli...@gmail.com> >>>>> wrote: >>>>> >>>>>> Could we use nginx to prevent access to the action. Redirect to >>>>>> somewhere punitive :-) >>>>>> On 24 May 2016 03:38, "Morten Olav Hansen" <mor...@dhis2.org> wrote: >>>>>> >>>>>>> I agree that it would be helpful. A couple of issues: >>>>>>> >>>>>>> 1) If using the web-api, it would require it to be a valid password, >>>>>>> so "district" would no longer work (District1?) >>>>>>> >>>>>>> 2) If instead injecting with SQL, one would also have to clear the >>>>>>> cache >>>>>>> >>>>>>> -- >>>>>>> Morten Olav Hansen >>>>>>> Senior Engineer, DHIS 2 >>>>>>> University of Oslo >>>>>>> http://www.dhis2.org >>>>>>> >>>>>>> On Tue, May 24, 2016 at 3:37 AM, John Mukulu < >>>>>>> john.f.muk...@gmail.com> wrote: >>>>>>> >>>>>>>> I concur, >>>>>>>> Or even a simple repeated 5 mins cronjob script to reset the >>>>>>>> password via API. >>>>>>>> >>>>>>>> On Mon, May 23, 2016 at 9:19 PM, Jim Grace <j...@dhis2.org> wrote: >>>>>>>> >>>>>>>>> Sounds reasonable to me. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, May 23, 2016 at 1:16 PM, Jason Pickering < >>>>>>>>> jason.p.picker...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Increasingly people change the password of the demo server. >>>>>>>>>> >>>>>>>>>> Can we put a database trigger in place to prevent this from being >>>>>>>>>> changed? It causes problems for people in general. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Jason >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Jason P. Pickering >>>>>>>>>> email: jason.p.picker...@gmail.com >>>>>>>>>> tel:+46764147049 >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Jim Grace >>>>>>>>> Core developer, DHIS 2 >>>>>>>>> HISP US Inc. >>>>>>>>> http://www.dhis2.org <https://www.dhis2.org/> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *http://mukulu.me <http://mukulu.me>* >>>>>>>> *Open source developer* >>>>>>>> >>>>>>>> -- >>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>> >>>>>>> >>>>>> -- >>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Jason P. Pickering >>>>> email: jason.p.picker...@gmail.com >>>>> tel:+46764147049 >>>>> >>>> >>>> >>> >>> >>> -- >>> Jason P. Pickering >>> email: jason.p.picker...@gmail.com >>> tel:+46764147049 >>> >> >> >> >> -- >> Jason P. Pickering >> email: jason.p.picker...@gmail.com >> tel:+46764147049 >> > > -- Jason P. Pickering email: jason.p.picker...@gmail.com tel:+46764147049
-- Mailing list: https://launchpad.net/~dhis2-devs-core Post to : dhis2-devs-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs-core More help : https://help.launchpad.net/ListHelp
