-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
* Corrected documentation regarding database. #534
Conversation
nolantellis
commented
Oct 28, 2020
- Corrected code to include new liquibase user.
- corrected documentation
* Corrected code to include new liquibase user.
site.properties
Outdated
#jdbc.driver = com.mysql.jdbc.Driver | ||
#jdbc.url = jdbc:mysql://localhost:3306/apromore?createDatabaseIfNotExist=true&autoReconnect=true&allowMultiQueries=true&rewriteBatchedStatements=true&characterEncoding=utf-8 | ||
#jdbc.username = root | ||
#jdbc.password = MAcri | ||
# | ||
#jpa.database = MYSQL | ||
#jpa.databasePlatform = org.eclipse.persistence.platform.database.MySQLPlatform | ||
#jpa.showSql = false | ||
#jpa.generateDDL = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why don't we use the same 'apromore' user like H2 instead of 'root'?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can it is named "liquibase_user" instead of "db_user" (it is full privileges)? The name will be shown in the database management tool for information as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure how it became root. Changeing that back to apromore. It was a mistake.
db_user is just a name. And looking at the Docs of mysql about the privileges, All privileges is the right 1. (i.e ALL privileges does not include create user.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Corrected to liquibase_usr
site.properties
Outdated
## Liquibase User Mysql | ||
#liquibase.jdbc.username = db_user | ||
#liquibase.jdbc.password = 7fHJV41fpJ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'7fHJV41fpJ': is it an encrypted value of the password or is it the password? If it is the password, then it should be encrypted as it can be seen easily in this file (it is full privileges).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Its just a random passowrd. encryption is a different logic which we can consider later. Its not in this scope
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok if it's a low security risk for showing password of an "All privileges" user in a text file. Any justification?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The use is excactly the same as apromore user at this time.
All previleges is only for apromore db, and as per the mysql5.7 doc All privilege is DML and DDL and not USER management.
I Agree this is not the right way, but thats another scope to consider not only for liquibase but also for apromore user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://dev.mysql.com/doc/refman/5.7/en/grant.html (Table 13.8, the "Level" information). There's a risk of losing data due to password is revealed in plain text file for 'apromore' and 'liquibase_user', at the same risk level for both users. This risk should be addressed in the future if possible.
Two elements with same @id ("dataSource") in the same XML file is confusing, so removed it from the embedded bean.
…4' into task/update-liquibase-doc/AP-2484
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm satisfied that it starts properly with zero configuration under H2, and that it starts properly under MySQL given the setup described in README.md.