On Tue, Mar 13, 2012 at 11:19:24PM +0100, HacKurx wrote:
> Hi,
>
> ding a problem with ocsinventory,
>
> thank you, best regards
[.. snip ..]
>
> Bug description:
> Hello and thank you for your work,
>
> Since version 2 of ocsinventory no longer uses dbconfig-common to
> create database with a chosen password.
>
> A security message is displayed, the handling to make:
> http://wiki.ocsinventory-ng.org/index.php/Documentation:Secure
>
> But if dbconfig is used again only the password for the admin account
> should be changed.
> Debian and Ubuntu requires a minimum of security by default and it is
> not the case with this version of ocsinventory.
>
> If the database is created with dbconfig, one can use the command dpkg
> --purge to remove database and the package which is no longer the case
> at present.
>
Hi,
Not sure I understand ... You mean the problem is that a *root* user
(which is the only one that can run dpkg commands) is able to remove the
database ? Or that users have to change the defaults passwords ? I don't
see how this would be related to the packaging.
On Tue, Mar 13, 2012 at 11:19:24PM +0100, HacKurx wrote:
> Hi,
>
> ding a problem with ocsinventory,
>
> thank you, best regards
[.. snip ..]
> wiki.ocsinvento ry-ng.org/ index.php/ Documentation: Secure
> Bug description:
> Hello and thank you for your work,
>
> Since version 2 of ocsinventory no longer uses dbconfig-common to
> create database with a chosen password.
>
> A security message is displayed, the handling to make:
> http://
>
> But if dbconfig is used again only the password for the admin account
> should be changed.
> Debian and Ubuntu requires a minimum of security by default and it is
> not the case with this version of ocsinventory.
>
> If the database is created with dbconfig, one can use the command dpkg
> --purge to remove database and the package which is no longer the case
> at present.
>
Hi,
Not sure I understand ... You mean the problem is that a *root* user
(which is the only one that can run dpkg commands) is able to remove the
database ? Or that users have to change the defaults passwords ? I don't
see how this would be related to the packaging.
Pierre