Mercurial > p > roundup > code
comparison roundup/admin.py @ 7093:f72ce883e677
Mitigation for issue2551246 -u opton to roundup-admin
The -u option ignores the password and doesn't limit access to the
data.
Not a huge issue as currently anybody running it must have read access
to the tracker home and all the credentials. So they can change the
data directly using a db client or read anything they want.
But this wasn't documented. Now it is.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 30 Nov 2022 02:09:16 -0500 |
| parents | 537b24c593af |
| children | db06d4aeb978 |
comparison
equal
deleted
inserted
replaced
| 7089:4d7977d51a4e | 7093:f72ce883e677 |
|---|---|
| 238 Where the command changes data, a login name/password is required. The | 238 Where the command changes data, a login name/password is required. The |
| 239 login may be specified as either "name" or "name:password". | 239 login may be specified as either "name" or "name:password". |
| 240 . ROUNDUP_LOGIN environment variable | 240 . ROUNDUP_LOGIN environment variable |
| 241 . the -u command-line option | 241 . the -u command-line option |
| 242 If either the name or password is not supplied, they are obtained from the | 242 If either the name or password is not supplied, they are obtained from the |
| 243 command-line. | 243 command-line. (See admin guide before using -u.) |
| 244 | 244 |
| 245 Date format examples: | 245 Date format examples: |
| 246 "2000-04-17.03:45" means <Date 2000-04-17.08:45:00> | 246 "2000-04-17.03:45" means <Date 2000-04-17.08:45:00> |
| 247 "2000-04-17" means <Date 2000-04-17.00:00:00> | 247 "2000-04-17" means <Date 2000-04-17.00:00:00> |
| 248 "01-25" means <Date yyyy-01-25.00:00:00> | 248 "01-25" means <Date yyyy-01-25.00:00:00> |