https://bugzilla.wikimedia.org/show_bug.cgi?id=46439
--- Comment #7 from Chris Steipp <[email protected]> ---
(In reply to comment #3)
> As for the impersonation issue, the admins already have the ability to change
> the passwords of users.
>
> As for your other concerns, the URL I linked to states that "The "SQL Box" link
> opens a screen that lets you query the content of the tables in the OTRS
> database. It is not possible to change the content of the tables, only queries
> are allowed". I assumed this meant that it would only allow for read-only
> access - I'm not sure if that alleviates those concerns at all, or not.

From the docs that I found on it, it looks like they let you input a full query, but they probably have some filtering to try and keep you from updating the database. I doubt the filters are perfect, but will hopefully keep you from accidentally modifying something.

So yes, I think it's fine to give the feature to a limited number of people for a limited amount of time. And if the data is as bad as Oliver anticipates, then we can turn it off even sooner.

If the data is useful, and admins want to build running raw SQL commands into their workflow, then we'll need to do a proper assessment of the module, and make sure that only a small whitelist of query formats is allowed.
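The contrast the comment draws between keyword filtering and a whitelist of query formats, as an added example that is not part of the bug report or of OTRS. SQLite stands in for the OTRS database, and the `ticket` table, the two query formats and the blocklist pattern are all assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical allowlist: fixed statements with named placeholders only.
ALLOWED = {
    "tickets_in_queue": "SELECT id, title FROM ticket WHERE queue = :queue ORDER BY id",
    "count_by_queue": "SELECT queue, COUNT(*) FROM ticket GROUP BY queue ORDER BY queue",
}

# Assumed keyword blocklist of the kind a free-text SQL box might rely on.
BLOCKLIST = re.compile(r"\b(insert|update|delete|drop|alter)\b", re.I)

def blocklist_allows(sql):
    """True if the keyword filter would let the statement through."""
    return BLOCKLIST.search(sql) is None

def make_db():
    """Constructed sample data; query_only makes the handle refuse writes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket (id INTEGER PRIMARY KEY, queue TEXT, title TEXT)")
    db.executemany("INSERT INTO ticket VALUES (?, ?, ?)", [
        (1, "info", "Please update my address"),
        (2, "info", "Image permission"),
        (3, "legal", "Takedown request"),
    ])
    db.commit()
    db.execute("PRAGMA query_only = ON")
    return db

def run_allowed(db, name, params=None):
    """Run one allowlisted query format; callers supply values, never SQL."""
    if name not in ALLOWED:
        raise PermissionError(f"query format {name!r} is not allowlisted")
    return db.execute(ALLOWED[name], params or {}).fetchall()

def write_blocked(db, sql):
    """True if the read-only handle refuses the statement."""
    try:
        db.execute(sql)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(run_allowed(db, "tickets_in_queue", {"queue": "info"}))
    legit = "SELECT id FROM ticket WHERE title LIKE '%update%'"
    write = "REPLACE INTO ticket VALUES (1, 'info', 'changed')"
    print(blocklist_allows(legit), blocklist_allows(write))  # filter errs both ways
    print(write_blocked(db, write))  # the read-only handle is the backstop
```

The blocklist rejects a harmless `SELECT` and passes a write it has no keyword for, while the allowlist plus a read-only handle depends on neither guess.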
