On Mon, Aug 6, 2012 at 11:21 AM, Andrea Aime
<andrea.a...@geo-solutions.it>wrote:
> On Mon, Aug 6, 2012 at 7:14 PM, Justin Deoliveira <jdeol...@opengeo.org>
> wrote:
> >
> > What if on migration we generated a random password for the root account.
> > And also provide the plain text version of it (perhaps in a supplementary
> > file next to the master password file). Anyways, the idea would be for
> the
> > admin doing the upgrade to check this file, and change the master
> password
> > immediately. It would be more secure than a default password since you
> would
> > really need access to the server file system to get at it.
> >
> > Regardless, whatever we choose will have to be clearly documented and
> should
> > be made clear in any blog posts or releases notes.
>
> How about just having the master password be equal to the "admin" user
> password,
> if that user is present? Would make for a reasonable upgrade for most
> people.
>
Agreed, this would make the most sense and I am not 100% sure why we are
not doing this already since on migration the admin password is available
in plain text so no need to do any decryption or anything. I think it has
to do with the startup sequence in which we need to basically create the
master password as the first thing before we do any of the other migration.
But still we should be able to just read the old password regardless before
creating the master paswd config.
@Christian: Do you see any problem with that?
>
>
> > Yeah, in general we have always lagged behind a bit in terms of the
> > configurations we store in version control. One of the nice things about
> > this is that it forces the devs to constantly deal with backward
> > compatibility. Given that the first bit of a new stable release tends to
> be
> > a bit "unstable" it seems safer to keep the official configuration
> lagging
> > behind a bit. But eventually yes I think we should change it.
>
> Agreed
>
> >> Next, it is not necessary to have an "admin" user because we have the
> >> "root" user. The advantage of having no "admin" user is to force
> people to
> >> do a master password change, the disadvantage is that the "admin" user
> is
> >> referenced in the documentation very often.
> >>
> > Well I do think they serve different purposes as the admin account is
> used
> > for day to day administration and the root account is really just a
> backdoor
> > in cases where something has really been fowled up...
>
> Agreed
>
> >
> >>
> >> Please remember, the master password used by "root" is also used to
> >> protect the new geoserver key store. This password is the Achilles
> tendon of
> >> the system.
> >>
> >> Opinons ?
>
> Ouch, let's not talk about Achille's tendons, I already teared apart one!
> :-p
>
> Cheers
> Andrea
>
>
> --
> ==
> Our support, Your Success! Visit http://opensdi.geo-solutions.it for
> more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 962313
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
