Comment 3 for bug 954283
Revision history for this message
| Pierre Chifflier (pollux-debian) wrote Re: Fwd: [Bug 954283] Re: OCS Inventory 2.0 not used dbconfig - Security issue by default | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
On Tue, Mar 13, 2012 at 11:19:24PM +0100, HacKurx wrote:
> Hi,
>
> ding a problem with ocsinventory,
>
> thank you, best regards
[.. snip ..]
>
> Bug description:
> Hello and thank you for your work,
>
> Since version 2 of ocsinventory no longer uses dbconfig-common to
> create database with a chosen password.
>
> A security message is displayed, the handling to make:
> http://
>
> But if dbconfig is used again only the password for the admin account
> should be changed.
> Debian and Ubuntu requires a minimum of security by default and it is
> not the case with this version of ocsinventory.
>
> If the database is created with dbconfig, one can use the command dpkg
> --purge to remove database and the package which is no longer the case
> at present.
>
Hi,
Not sure I understand ... You mean the problem is that a *root* user
(which is the only one that can run dpkg commands) is able to remove the
database ? Or that users have to change the defaults passwords ? I don't
see how this would be related to the packaging.
Pierre