← Back to team overview

c2c-oerpscenario team mailing list archive

[Bug 659949] Re: v6 test security user postgresql

 

Hi

Sorry but the postgres user restriction is not only for Unix/Linux, it
does for windows as well

OpenERP mustn't be launch as postgres user, it's security hole issue,
(don't confuse with OS user, it's not the same)

Regards,

** Changed in: openobject-server
       Status: New => Won't Fix

-- 
v6 test security user postgresql
https://bugs.launchpad.net/bugs/659949
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to OpenERP OpenObject.

Status in OpenObject Server: Won't Fix

Bug description:
Hi, 
in server/bin/openerp-server.py, "import pwd" has been corrected and is now valid just for posix system. (but not corrected in v5)
An other test in this same file is to test if user is postgres, this test is also for posix system I suppose; the problem and bug you will receive in the future is that in some documentations for windows, user postgres is used to install postgresql on windows, see by example this documentation :

http://www.google.fr/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww.syleam.fr%2Fcontent%2Fdownload%2F208%2F1379%2Ffile%2FInstallation_OpenERP_5.0.0_Windows.pdf&rct=j&q=syleam%20openerp%20doc&ei=nr-1TI_WBtWO4gbu3oCgDQ&usg=AFQjCNGsHOVpkajbGhiMLVEbmyvBDM-8jA&cad=rja

Personaly I know that now, but imagin people who don't know this, and will post a bug on launchpad.
line 76, simply change :
if tools.config['db_user'] == 'postgres':
by
if os.name == 'posix' and tools.config['db_user'] == 'postgres':

It's just a suggestion.
Bye





References