mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-30 18:52:42 +01:00
eb73cb68ff
Summary: Ref T13249. See <https://discourse.phabricator-community.org/t/configuring-the-number-of-taskmaster-daemons/2394/>. Today, when a configuration value is "locked", we prevent //writes// to the database. However, we still perform reads. When you upgrade, we generally don't want a bunch of your configuration to change by surprise. Some day, I'd like to stop reading locked configuration from the database. This would defuse an escalation where an attacker finds a way to write to locked configuration despite safeguards, e.g. through SQL injection or policy bypass. Today, they could write to `cluster.mailers` or similar and substantially escalate access. A better behavior would be to ignore database values for `cluster.mailers` and other locked config, so that these impermissible writes have no effect. Doing this today would break a lot of installs, but we can warn them about it now and then make the change at a later date. Test Plan: - Forced a `phd.taskmasters` config value into the database. - Saw setup warning. - Used `bin/config delete --database phd.taskmasters` to clear the warning. - Reviewed documentation changes. - Reviewed `phd.taskmasters` documentation adjustment. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13249 Differential Revision: https://secure.phabricator.com/D20159 |
||
|---|---|---|
| .. | ||
| application | ||
| check | ||
| constants | ||
| controller | ||
| custom | ||
| editor | ||
| engine | ||
| exception | ||
| issue | ||
| json | ||
| management | ||
| module | ||
| option | ||
| phid | ||
| query | ||
| response | ||
| schema | ||
| storage | ||
| type | ||
| view | ||