Make sure we use a dedicated DB user with limited privileges #1

Open
franck-boullier opened this issue May 2, 2018 · 2 comments

@franck-boullier
Member

In order to improve security we need to make sure that the lambda function which performs the insert is run by a db user with limited privileges.
Ideally this user should only be able to insert data in the table 'ut_invitation_api_data' and nothing else.
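
One way to check the requirement above, as an added example that is not part of the original issue or the project's code: a Go function that audits MySQL `SHOW GRANTS` output and reports anything beyond `INSERT` on `ut_invitation_api_data`. The function name `auditGrants`, the schema `invite_db` and the account `invite_writer` are hypothetical placeholders, and MySQL is assumed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// grantRe splits one line of MySQL SHOW GRANTS output into privileges and object.
var grantRe = regexp.MustCompile(`(?i)^GRANT (.+) ON (\S+) TO `)

// auditGrants (hypothetical helper) returns every finding that breaks the rule
// from the issue: only USAGE plus INSERT on the single allowed table.
func auditGrants(grants []string, allowedTable string) []string {
	var findings []string
	insertSeen := false
	// Strip identifier quoting so MySQL 5.7 and 8.0 output compare equal.
	norm := func(s string) string {
		return strings.ToLower(strings.NewReplacer("`", "", "'", "").Replace(s))
	}
	for _, g := range grants {
		m := grantRe.FindStringSubmatch(strings.TrimSpace(g))
		if m == nil {
			findings = append(findings, "unparsed grant: "+g)
			continue
		}
		privs, object := strings.ToUpper(strings.TrimSpace(m[1])), norm(m[2])
		if strings.Contains(strings.ToUpper(g), "WITH GRANT OPTION") {
			findings = append(findings, "grant option on "+object)
		}
		switch {
		case privs == "USAGE": // USAGE means "no privileges", always present
		case privs == "INSERT" && object == norm(allowedTable):
			insertSeen = true
		default:
			findings = append(findings, fmt.Sprintf("excess privilege %q on %s", privs, object))
		}
	}
	if !insertSeen {
		findings = append(findings, "missing INSERT on "+allowedTable)
	}
	return findings
}

func main() {
	// Constructed sample: the grants an insert-only account would show.
	sample := []string{
		"GRANT USAGE ON *.* TO `invite_writer`@`%`",
		"GRANT INSERT ON `invite_db`.`ut_invitation_api_data` TO `invite_writer`@`%`",
	}
	fmt.Println(auditGrants(sample, "invite_db.ut_invitation_api_data"))
}
```

An empty result means the account holds exactly the insert-only grant; each returned string names one privilege to revoke or one grant that is missing.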

@kaihendry
Contributor

Currently it uses the bugzilla password and not the root password, btw: https://github.com/unee-t/processInvitations/blob/master/main.go#L71

@kaihendry
Contributor

We use whatever the MYSQL_USER / MYSQL_PASSWORD is: https://github.com/unee-t/env/blob/master/main.go

franck-boullier added a commit that referenced this issue Jan 28, 2020
* use variable instead of hard coding of the region

* DRAFT - add environment variable file and deploy script

* identify hard coded variable in `asset_dev.gen`

* identify all the files with hard coded variables

* added some minor changes

* remove unnecessary hard coded variables

* WIP - try to replace hard coded variables in web/Makefile

* add missing variables

* update hard coded variables for the DEV for Unee-T INS

* replace hard coded variable with variable from Travis CI settings

* minor lint change

* update confusing values for `stages`

* identify more hard coded variables

* identify more hard coded variables

* update environment variable for Unee-T INS DEV

* add more environment variables

* Use environment variables

* Create deploy.sh file to call aws-env.STAGE

* Edit stage

* Use Unee-T-INS repository

* Use correct zone and domain

* Add the ZONE variable

* skip-cleanup is deprecated

* use environment variables for greater versatility and simplification

* make variables more versatile

* WIP - we need to review how project.[STAGE].json is generated

* use hard coded variables for Unee-T INS

* clarify source of variables and how things work

* add missing environment variable

* WIP - use variables to generate a single project.json file

* add some clarification

* will this work now?

* update based on Kai input in commits from Jan 11th

* update based on Kai input in commits from Jan 11th

* update go dependencies list

* update checksums for dependencies

* update based on Kai input in commits from Jan 11th

* add a file to generate JSON from variables - DEV environment only

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* test deploy on remove_hard_coded_variables branch

* skip test step

* use variable instead of hard coding of the region

* DRAFT - add environment variable file and deploy script

* identify hard coded variable in `asset_dev.gen`

* Update for ins-dev

* Use variables from parameter store

* Create invites queue and test

* Revert "Create invites queue and test".

This reverts commit 55e3bb1.

* Revert "Use variables from parameter store".

This reverts commit e883c7a.

* Revert "Update for ins-dev".

This reverts commit 1d25b40.

* identify all the files with hard coded variables

* added some minor changes

* remove unnecessary hard coded variables

* WIP - try to replace hard coded variables in web/Makefile

* add missing variables

* update hard coded variables for the DEV for Unee-T INS

* replace hard coded variable with variable from Travis CI settings

* minor lint change

* update confusing values for `stages`

* identify more hard coded variables

* identify more hard coded variables

* update environment variable for Unee-T INS DEV

* add more environment variables

* Use environment variables

* Create deploy.sh file to call aws-env.STAGE

* Edit stage

* Use Unee-T-INS repository

* Use correct zone and domain

* Add the ZONE variable

* skip-cleanup is deprecated

* use environment variables for greater versatility and simplification

* make variables more versatile

* WIP - we need to review how project.[STAGE].json is generated

* use hard coded variables for Unee-T INS

* clarify source of variables and how things work

* add missing environment variable

* WIP - use variables to generate a single project.json file

* add some clarification

* will this work now?

* update based on Kai input in commits from Jan 11th

* update based on Kai input in commits from Jan 11th

* update go dependencies list

* update checksums for dependencies

* update based on Kai input in commits from Jan 11th

* add a file to generate JSON from variables - DEV environment only

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* TEMPORARY HACK use hardcoded variable for this environment

* test deploy on remove_hard_coded_variables branch

* skip test step

* Config AWS CLI Profile

* Check variables in aws-env.STAGE

* Check the deploy file is used to deploy

* Check the travis file

* Test use the web/deploy.sh

* Test with the web/make

* Test with the web/make

* Travis CI check with web/deploy.sh

* make sure we have consistent syntax for travis.yml file

* DO WE NEED THESE FILES?

* Move files from /web to main repo

* Move files from /web to main directory

* fix issue on .travis.yml

* fix issue on .travis.yml

* find the missing variable

* find the missing variable

* find the missing variable

* fix the Makefile and add some comments

* Try to setup aws cli in .travis.yml file

* move main.go and main_test.go to web directory

* test travis with variables in travis

* setup aws cli in .travis.yml file

* hardcode the TRAVIS_PROFILE variable in the Makefile

* Add some more comments and tidy up

* Tidy up and improve comments

* remove project.[STAGE].* files that are not in use anymore

* aws-env.[STAGE] is still WIP

* add the project.[STAGE] files back as they might be needed

Co-authored-by: tuananh1508 <[email protected]>
Co-authored-by: Kai Hendry <[email protected]>