[Discussion] Issues in the script #357
Replies: 8 comments 3 replies
-
LordRalex wrote at Aug 31 2016 19:45:11 UTC: You gave 0 information as to anything being wrong, and even going so far as to making assumptions about how things work without looking.... The scripts does no hashing on the MySQL password, because we need to use it. We also generated that account, so if your DB is kicking it back right when it is made, you have a problem that is totally outside of our process. Instead of trying to fix something, explain your problem, because so far, you have shown that you do not know what is happening, and are trying to solve something that is completely unrelated. |
Beta Was this translation helpful? Give feedback.
-
LordRalex wrote at Aug 31 2016 19:45:11 UTC: There is your problem. All of your issues (except for the nginx one) resulted because you tried to handle a step the installer does. We create the Pufferpanel database AND the user for it. You should not be touching that, and probably broke the installer because of it. http://www.pufferpanel.com/docs/getting-started There is no mention anywhere that you create the user, and the script. Let the installer do it's job and create the user. |
Beta Was this translation helpful? Give feedback.
-
Pandry wrote at Aug 31 2016 19:45:11 UTC: hooh, so I should gave to the script the root privileges? Because it could be unsafe if someone would read the config file :/ (And anyway it could be explicited written) |
Beta Was this translation helpful? Give feedback.
-
LordRalex wrote at Aug 31 2016 19:45:11 UTC: When you enter the MySQL credentials, we use those to create our own account, which is allowed ONLY access on localhost, the docker interface IPs (172.17.42.%) and the IP that the script used to connect to the database. Said use also ONLY has the following rights: GRANT SELECT, UPDATE, DELETE, ALTER, INSERT ON pufferpanel.* If someone does read the config, there is only so much they could actually do. There is no simple way to "protect" that password without having it easily "resolved" (hashing won't solve it, because then MySQL will reject it..., encryption just makes it not easy to read, but will stop absolutely no one, which is why it's a large randomly generated string). Even within the script, once the new user and the database are made, we switch to the regular user we just made for additional processing. The script uses root to create what it needs. It does not save those credentials anywhere. That should have been clear when you were reading the code really. I would prefer that you explain your problem and we give you the reason why, than you trying to define a problem (which did not exist to start with), and trying to declare some fix that is not related.... |
Beta Was this translation helpful? Give feedback.
-
Pandry wrote at Aug 31 2016 19:45:11 UTC: Okay, so it's not a bug (I've corrected the title) and I'm sorry but i dodn't still read the script... Anyway I think that the root user shouldn't be used, at least for me, so, it could be possible to make a if where if the user is != from root || admin so the script could intend that the user is specifically made for the panel only... It's just an idea... Or anyway write to inserit the root credentials or the credential of a user that could create another user and a DB... I'm sorry (again) for the trouble |
Beta Was this translation helpful? Give feedback.
-
LordRalex wrote at Aug 31 2016 19:45:11 UTC: I can try to clarify it, but the most text that we display, the less likely people read it. Right now, it gives this warning: Enter the MySQL username (MUST HAVE GRANT) [root]: We default to root if you don't provide a username, and explicitly say that user needs grant. Without writing huge amounts of text that will get ignored even more, a check to see if it's root is not exactly accurate, because even a root@1.2.3.4 may not have the same permissions as root@localhost. |
Beta Was this translation helpful? Give feedback.
-
Pandry wrote at Aug 31 2016 19:45:11 UTC: Maybe add a waring notify in red writing that the root accound should be used... |
Beta Was this translation helpful? Give feedback.
-
falceso wrote at Aug 31 2016 19:45:11 UTC: You could do
And you would run it in root without accessing the physical root account. |
Beta Was this translation helpful? Give feedback.
-
Pandry wrote at Aug 31 2016 19:45:11 UTC:
Hi
I'm new in this project (coming from the easy-wi panel)
I've installed the panel, but having some issues...
The installing script is a bit bugged...
I've installed the panel and I immediatly gos some issues...
The first problem is that the nginx config is not replaced, but that's not so harmful
The second one it is...
The script problaly hash the MySQL password (I didn't gave it a look), so every thing is fucked because the password is not checked, so it fucks some things...
My idea is easy:
You make install php5, so, to check the password you run a easy php scrpt that check if the connection can be estabilished :D
(Sorry for my bad English but I'm from my phone)
(If I'll have time I'll add the check )
Beta Was this translation helpful? Give feedback.
All reactions