#1 2012-09-13 09:30:49

Bascy
Member
From: The Netherlands
Registered: 2012-06-22
Posts: 108

Please add a default Guest user to AuthUsers when creating the table

This will make it much simpler to test authentication on a default database as it adds a restricted user who restrictions can be tested immediatly

Offline

#2 2012-09-13 14:46:57

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,546
Website

Re: Please add a default Guest user to AuthUsers when creating the table

TSQLAuthGroup.InitializeTable will now create a new 'Guest' AuthUser row, with a void ('') password.

But I wonder if it is not a security concern...

Offline

#3 2012-09-13 20:44:44

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,567
Website

Re: Please add a default Guest user to AuthUsers when creating the table

I think it`s bad idea. For example, if I install any database server or linux distributive  there is no guest user in it, is it?

Offline

#4 2012-09-14 06:10:06

Bascy
Member
From: The Netherlands
Registered: 2012-06-22
Posts: 108

Re: Please add a default Guest user to AuthUsers when creating the table

Why not add the Guest user with the same password as User, Admin, Supervisor .. that way you can't be comprising the security any more than you already do?

Offline

#5 2012-09-14 06:23:40

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,546
Website

Re: Please add a default Guest user to AuthUsers when creating the table

I did not add the Guest user by default, for security reasons.

In all cases, any application should change the user settings, at least the default password!

If it is about automated testing, you can change the groups / users as expected, with just some lines of code.

Offline

Board footer

Powered by FluxBB