On Tue, Mar 13, 2012 at 11:19:24PM +0100, HacKurx wrote: > Hi, > > ding a problem with ocsinventory, > > thank you, best regards
[.. snip ..] > > Bug description: > Hello and thank you for your work, > > Since version 2 of ocsinventory no longer uses dbconfig-common to > create database with a chosen password. > > A security message is displayed, the handling to make: > http://wiki.ocsinventory-ng.org/index.php/Documentation:Secure > > But if dbconfig is used again only the password for the admin account > should be changed. > Debian and Ubuntu requires a minimum of security by default and it is > not the case with this version of ocsinventory. > > If the database is created with dbconfig, one can use the command dpkg > --purge to remove database and the package which is no longer the case > at present. > Hi, Not sure I understand ... You mean the problem is that a *root* user (which is the only one that can run dpkg commands) is able to remove the database ? Or that users have to change the defaults passwords ? I don't see how this would be related to the packaging. Pierre -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/954283 Title: OCS Inventory 2.0 not used dbconfig - Security issue by default To manage notifications about this bug go to: https://bugs.launchpad.net/ocsinventory-server/+bug/954283/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
