<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:23:48 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2862] Stop using superuser rights on the database</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2862</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;At the moment every tenant gets a bunch of (hopefully) unique users in the database, one for almost every module, if not for every. Therefore FOLIO has to hold superuser rights on the database.&lt;/p&gt;

&lt;p&gt;This is bad design. Serious botched, Cisco-level fuckup, with major security implications that should have never seen the light of day. With this model the database server has to be dedicated for Folio, nobody is able to use any non-dedicated database server because a single error/security bug within Folio compromises everything. &lt;/p&gt;

&lt;p&gt;Here&apos;s a thread of a German hacker who analyzed the German Corona tracking app and gives advice on how to do it properly with Postgres:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://twitter.com/alvar_f/status/1267705319280586753&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://twitter.com/alvar_f/status/1267705319280586753&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;One database user per module, one database per module, tables within prefixed with the tenant. And then handle security on this level, taking Alvar&apos;s tips into consideration.&lt;/p&gt;

&lt;p&gt;And if you&apos;re on it - rework the database to use a relational model instead of a JSON trash heap. &lt;/p&gt;</description>
                <environment></environment>
        <key id="79702">FOLIO-2862</key>
            <summary>Stop using superuser rights on the database</summary>
                <type id="10000" iconUrl="https://folio-org.atlassian.net/images/icons/issuetypes/epic.svg">Epic</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5">Johannes Drexl</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Wed, 4 Nov 2020 15:24:16 +0000</created>
                <updated>Thu, 7 Jul 2022 16:00:03 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                <comments>
                                                            <comment id="189620" author="5ee89462f7aa140abd82d11d" created="Tue, 10 Nov 2020 18:08:31 +0000"  >&lt;p&gt;Is this a duplicate of 
    &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;FOLIO-1935&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1935&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Service creating ROLE and SCHEMA on tenant initialization&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            FOLIO-1935
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Draft&lt;/span&gt;
            &lt;/span&gt;
? If not what is the difference?&lt;/p&gt;</comment>
                                                            <comment id="189623" author="5ae08bd47b44642d39d323c4" created="Fri, 13 Nov 2020 14:07:30 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; class=&quot;user-hover&quot; rel=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; data-account-id=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; accountid=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; rel=&quot;noreferrer&quot;&gt;Johannes Drexl&lt;/a&gt; the Security group would like to close this issue as a duplicate of 
    &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;FOLIO-1935&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1935&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Service creating ROLE and SCHEMA on tenant initialization&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            FOLIO-1935
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Draft&lt;/span&gt;
            &lt;/span&gt;
, unless you can identify material differences.&lt;/p&gt;</comment>
                                                            <comment id="189624" author="712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5" created="Fri, 13 Nov 2020 15:01:18 +0000"  >&lt;p&gt;Material differences:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;1935 talks about granting superuser privilege to a service. This is a security issue. NO service whatsoever should ever have superuser privileges on a database server. Superuser privileges on databases are for administrators only. My proposal only increases the initial work for the admin a bit, but preserves database server security.&lt;/li&gt;
	&lt;li&gt;1935 still tries to work with one database for all modules. This is botched. One module, one database, no exceptions. Doing it this way also increases portability.&lt;/li&gt;
	&lt;li&gt;1935 still wants to create users for tenants. No such thing should occur. A module may as well use tenant-named tables within its own database structure to split tenants without the need to call into the database with a different user. Since the module harbors all database credentials anyway, the security gained by different users for the same module is null and void, the administrative overhead on the other hand increases exponentially.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;So, no, this is not a duplicate. &lt;/p&gt;</comment>
                                                            <comment id="189627" author="5cf6c546b87c300f36eb7b9a" created="Fri, 13 Nov 2020 16:47:51 +0000"  >&lt;blockquote&gt;&lt;p&gt;This is bad design. Serious botched, Cisco-level fuckup&lt;br/&gt;
...elided...&lt;br/&gt;
instead of a JSON trash heap.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; class=&quot;user-hover&quot; rel=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; data-account-id=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; accountid=&quot;712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5&quot; rel=&quot;noreferrer&quot;&gt;Johannes Drexl&lt;/a&gt; please refrain from these types of remarks and/or language, it&apos;s not helpful and violates the project &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/COMMUNITY/FOLIO+Code+of+Conduct&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;code of conduct&lt;/a&gt;.&lt;/p&gt;</comment>
                                                            <comment id="189630" author="712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5" created="Mon, 16 Nov 2020 07:06:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; Tell me how it is good design to:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Assume superuser rights on an exposed system, any system, during normal operations (actively violating POLP and rendering pg_hba.conf useless)&lt;/li&gt;
	&lt;li&gt;Have every module that was ever created registered within the database (a mass of over 70 MB of JSON files, 99.9% of it being trash because outdated and never gonna be used)&lt;/li&gt;
	&lt;li&gt;Using a relational database as file storage&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;I get it, you don&apos;t like the language. You did your best to implement new functions, because those are being rated by libraries, and security is not seen until the whole cardboard house comes crashing down. So you&apos;re all &apos;function predates security&apos;. I get that. This is why stuff like &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2411&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/FOLIO-2411&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-709&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/OKAPI-709&lt;/a&gt; is not being solved. The latter being marked as such, albeit it&apos;s still prominent in the 3.1.2-1 Debian package used for the single server installation, and I take that as a personal insult from dev to sysop, especially (apart from the notion of &apos;here&apos;s the config we give you, but to secure stuff you have to write the config again, and in worst imaginable config format&apos;) since I&apos;ve solved that after a futile wait for over a year and one just has to accept the git pull request done in June, with maybe some little tweaks to make Jenkins tug along.&lt;/p&gt;

&lt;p&gt;So since I&apos;ve told you over the course of 2 years that you have to get rid of the botched stuff that even breaks updates (remember when I tried a model for this whole reference data mess, separating between user, example and system input?), what kind of language is actually the proper one to get things moving and make some people grab a book on proper IT security? I mean, it&apos;s not like Folio is a game server, the worst outcome being lost match statistics. Libraries are the storage of mankind&apos;s knowledge. They deserve better.&lt;/p&gt;</comment>
                                                            <comment id="189632" author="5cf6c546b87c300f36eb7b9a" created="Thu, 7 Jul 2022 16:00:03 +0000"  >&lt;p&gt;The Security Team has revisited this and think it deserves some more thought, and probably an RFC.  It will be good to get more eyes and varied perspectives on this problem.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="79900">FOLIO-1935</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="56679">RMB-651</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10013" key="com.pyxis.greenhopper.jira:gh-epic-color">
                        <customfieldname>Epic Color</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ghx-label-2</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10011" key="com.pyxis.greenhopper.jira:gh-epic-label">
                        <customfieldname>Epic Name</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Database security</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10012" key="com.pyxis.greenhopper.jira:gh-epic-status">
                        <customfieldname>Epic Status</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10016"><![CDATA[To Do]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10017" key="com.pyxis.greenhopper.jira:jsw-issue-color">
                        <customfieldname>Issue color</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>dark_yellow</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i01y87:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1423">CP: Non-roadmap backlog</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 10 Nov 2020 18:08:31 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>