On 06/10/16 11:33, Jorick Astrego wrote:
> For troubleshooting I used the foreman-rake console with "User.current =
> User.anonymous_admin".
>
> This enables me to do several things to our foreman environment without
> authenticating. How can I disable this for security purposes?

You can't, and it'd be rather pointless as it's trivial to work around. The console is a fully interactive Ruby script that you're executing, so any in-process security measure can be bypassed easily.

Executing any foreman-rake command successfully indicates you already have direct access to the database because the console process itself connects to the DB. Probably via a Unix domain socket and optionally with username/password stored in /etc/foreman/database.yml.

You should restrict access to the database and credentials to tighten security, not try to restrict behaviour of this one script that accesses it.

-- 
Dominic Cleal
[email protected]
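
The reply's advice, restricting access to the database credentials, can be checked with a small audit of the file's permissions. This is an added example, not part of the original thread or of Foreman; the function names and the pass/fail policy (no access for "other", no group write, parent directory not world-writable) are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit filesystem access to a Foreman DB credentials file.
# Assumes GNU stat (Linux). The policy below is an assumption, not Foreman's.

# Print the last character of a string (one octal permission digit).
last_digit() { printf '%s' "${1#"${1%?}"}"; }

# Returns 0 if access looks restricted, 1 if too permissive, 2 if missing.
audit_db_credentials() {
    file="${1:-/etc/foreman/database.yml}"   # path named in the reply
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }

    mode=$(stat -c '%a' "$file")
    echo "$file: mode=$mode owner=$(stat -c '%U' "$file") group=$(stat -c '%G' "$file")"

    other=$(last_digit "$mode")              # permissions for everyone else
    group=$(last_digit "${mode%?}")          # permissions for the file's group
    rc=0
    if [ "${other:-0}" -ne 0 ]; then
        echo "FAIL: accessible to all local users (other=$other)"; rc=1
    fi
    if [ $(( ${group:-0} & 2 )) -ne 0 ]; then
        echo "FAIL: group-writable"; rc=1
    fi
    # A world-writable parent directory lets any user replace the file.
    dmode=$(stat -c '%a' "$(dirname "$file")")
    dother=$(last_digit "$dmode")
    if [ $(( ${dother:-0} & 2 )) -ne 0 ]; then
        echo "FAIL: parent directory is world-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: only owner and group can read the credentials"
    return "$rc"
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_db_credentials "$1"; fi
```

An OK result still means every member of the file's group can read the credentials, so group membership needs reviewing alongside the mode bits.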
