Hm ok, not sure how all the triggers work. Just sucks a bit that people can't change openid/ldap etc, if they want to try it out.
-- Morten Olav Hansen Senior Engineer, DHIS 2 University of Oslo http://www.dhis2.org On Tue, May 24, 2016 at 3:46 PM, Jason Pickering < jason.p.picker...@gmail.com> wrote: > I don't think so, since it seems the entire object is written by Hibernate > > update users set uid=$1, code=$2, created=$3, lastUpdated=$4, > creatoruserid=$5, username=$6, password=$7, externalauth=$8, openid=$9, > ldapid=$10, passwordLastUpdated=$11, lastLogin=$12, restoreToken=$13, > restoreCode=$14, restoreExpiry=$15, selfRegistered=$16, invitation=$17, > disabled=$18 where userid=$19 > > > On Tue, May 24, 2016 at 10:44 AM, Morten Olav Hansen <mor...@dhis2.org> > wrote: > >> Would it be possible to disregard updates on column password only? >> >> -- >> Morten Olav Hansen >> Senior Engineer, DHIS 2 >> University of Oslo >> http://www.dhis2.org >> >> On Tue, May 24, 2016 at 3:43 PM, Jason Pickering < >> jason.p.picker...@gmail.com> wrote: >> >>> Someone who wishes to remain anonymous requested some useful logging. >>> >>> create or replace function cant_touch_this() returns trigger language >>> plpgsql as $$ >>> begin >>> RAISE EXCEPTION 'Hammertime!'; >>> return null; >>> >>> end $$; >>> >>> create trigger prevent_changing_password before update on users >>> FOR EACH ROW >>> execute procedure cant_touch_this(); >>> >>> >>> >>> On Tue, May 24, 2016 at 10:01 AM, Jason Pickering < >>> jason.p.picker...@gmail.com> wrote: >>> >>>> I think this will work. Tested it locally >>>> >>>> create or replace function cant_touch_this() returns trigger language >>>> plpgsql as $$ >>>> begin >>>> >>>> return null; >>>> >>>> end $$; >>>> >>>> create trigger prevent_changing_password before update on users for >>>> each row execute procedure cant_touch_this(); >>>> >>>> On Tue, May 24, 2016 at 9:39 AM, Morten Olav Hansen <mor...@dhis2.org> >>>> wrote: >>>> >>>>> There are at least 4-5 different ways of doing it though... >>>>> /api/userAccount, /api/me, any kind of user import etc... >>>>> >>>>> -- >>>>> Morten Olav Hansen >>>>> Senior Engineer, DHIS 2 >>>>> University of Oslo >>>>> http://www.dhis2.org >>>>> >>>>> On Tue, May 24, 2016 at 2:39 PM, Jason Pickering < >>>>> jason.p.picker...@gmail.com> wrote: >>>>> >>>>>> That sounds like perhaps the best way to me. >>>>>> >>>>>> Just block POST to >>>>>> >>>>>> https://play.dhis2.org/dhis-web-commons-about/updateUserAccount.action >>>>>> >>>>>> and perhaps its API equivalent if it exists? >>>>>> >>>>>> Are there other ways? >>>>>> >>>>>> >>>>>> On Tue, May 24, 2016 at 9:34 AM, Bob Jolliffe <bobjolli...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Could we use nginx to prevent access to the action. Redirect to >>>>>>> somewhere punitive :-) >>>>>>> On 24 May 2016 03:38, "Morten Olav Hansen" <mor...@dhis2.org> wrote: >>>>>>> >>>>>>>> I agree that it would be helpful. A couple of issues: >>>>>>>> >>>>>>>> 1) If using the web-api, it would require it to be a valid >>>>>>>> password, so "district" would no longer work (District1?) >>>>>>>> >>>>>>>> 2) If instead injecting with SQL, one would also have to clear the >>>>>>>> cache >>>>>>>> >>>>>>>> -- >>>>>>>> Morten Olav Hansen >>>>>>>> Senior Engineer, DHIS 2 >>>>>>>> University of Oslo >>>>>>>> http://www.dhis2.org >>>>>>>> >>>>>>>> On Tue, May 24, 2016 at 3:37 AM, John Mukulu < >>>>>>>> john.f.muk...@gmail.com> wrote: >>>>>>>> >>>>>>>>> I concur, >>>>>>>>> Or even a simple repeated 5 mins cronjob script to reset the >>>>>>>>> password via API. >>>>>>>>> >>>>>>>>> On Mon, May 23, 2016 at 9:19 PM, Jim Grace <j...@dhis2.org> wrote: >>>>>>>>> >>>>>>>>>> Sounds reasonable to me. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, May 23, 2016 at 1:16 PM, Jason Pickering < >>>>>>>>>> jason.p.picker...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Increasingly people change the password of the demo server. >>>>>>>>>>> >>>>>>>>>>> Can we put a database trigger in place to prevent this from >>>>>>>>>>> being changed? It causes problems for people in general. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> Jason >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Jason P. Pickering >>>>>>>>>>> email: jason.p.picker...@gmail.com >>>>>>>>>>> tel:+46764147049 >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Jim Grace >>>>>>>>>> Core developer, DHIS 2 >>>>>>>>>> HISP US Inc. >>>>>>>>>> http://www.dhis2.org <https://www.dhis2.org/> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *http://mukulu.me <http://mukulu.me>* >>>>>>>>> *Open source developer* >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core >>>>>>> Post to : dhis2-devs-core@lists.launchpad.net >>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core >>>>>>> More help : https://help.launchpad.net/ListHelp >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Jason P. Pickering >>>>>> email: jason.p.picker...@gmail.com >>>>>> tel:+46764147049 >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Jason P. Pickering >>>> email: jason.p.picker...@gmail.com >>>> tel:+46764147049 >>>> >>> >>> >>> >>> -- >>> Jason P. Pickering >>> email: jason.p.picker...@gmail.com >>> tel:+46764147049 >>> >> >> > > > -- > Jason P. Pickering > email: jason.p.picker...@gmail.com > tel:+46764147049 >
-- Mailing list: https://launchpad.net/~dhis2-devs-core Post to : dhis2-devs-core@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs-core More help : https://help.launchpad.net/ListHelp
