[IMP] Disallow connection to PostgreSQL with postgres user himself (security flaws)
bzr revid: christophe.chauvet@syleam.fr-20091207103706-vp3sc1gydbjtqmzg
This commit is contained in:
parent
ac8e7946f5
commit
5b2852e442
|
@ -70,6 +70,12 @@ logger = netsvc.Logger()
|
|||
#-----------------------------------------------------------------------
|
||||
import tools
|
||||
|
||||
# Check if the connection to PostgreSQL don't use postgres user
|
||||
if tools.config['db_user'] == 'postgres':
|
||||
sys.stderr.write("Attempted to connected database with postgres user." \
|
||||
" This is a security flaws, aborting.\n")
|
||||
sys.exit(1)
|
||||
|
||||
logger.notifyChannel("server", netsvc.LOG_INFO, "version - %s" % release.version )
|
||||
for name, value in [('addons_path', tools.config['addons_path']),
|
||||
('database hostname', tools.config['db_host'] or 'localhost'),
|
||||
|
|
Loading…
Reference in New Issue