[Bug 429281] [NEW] table egw_access_log does not have primary key

nils internationils at gmx.net
Mon Sep 14 10:41:12 UTC 2009 

Public bug reported:

Binary package hint: egroupware

I got passwords mixed up and found my admin user blocked. The FAQ says:

http://www.egroupware.org/index.php?page_name=wiki&wikipage=FAQen
(see #5)
5. My ip or user is blocked. How can I unblock it?

EGroupWare has a security mechanism to prevent attacks. You can tune it
in admin -> Site configuration. You have options like the time for
retries, number of retries, etc. So, this is the first place you have to
take a look at before trying anything else, mostly for further issues.
By default the block time is set to 30 minutes, so after some time you
will be ablte to login again, without doing anything.

Even with this in mind, if for chance a trusted user (or ip) gets
blocked and you want to unlock that user or ip, you have to browse the
egw_access_log table, and search in the session_id field the a value
that's not a session_id nor just 'bad login or password'. You'll find
it, and check that the row data (user, ip) matches the one you want to
unlock (there could be an attacker, too, and you could unlock him), so
using your preferred db tool, make sure you delete this record (there
isn't a unique id field in this table).


BUT: this doesn't work because that table has no primary key:


pgadmin3 shows the following error:

Edit table data without primary key
Since the table public.egw_access_log doesn't have a primary key or OIDs, you can view the data only. Inserting new rows and changing existing rows isn't possible for the Edit Data tool without primary key. 
In order to edit data, pgAdmin III requires a primary key on the table, which is a good database design practice anyway. Alternatively, the table can be created WITH OIDS. Please note that oids are not guaranteed to be unique over a very long period of time, so using oids as kind-of primary key is only second choice. 


To resolve this issue, a primary key should exist for this table.

Running:
nils at kfunambol:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu karmic (development branch)
Release:        9.10
Codename:       karmic
nils at kfunambol:~$ dpkg --status egroupware
Package: egroupware
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 40
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Architecture: all
Version: 1.6.001+dfsg-2
Depends: egroupware-core, egroupware-addressbook, egroupware-bookmarks, egroupware-calendar, egroupware-developer-tools, egroupware-emailadmin, egroupware-etemplate, egroupware-felamimail, egroupware-filemanager, egroupware-infolog, egroupware-manual, egroupware-news-admin, egroupware-notifications, egroupware-phpbrain, egroupware-phpsysinfo, egroupware-polls, egroupware-projectmanager, egroupware-registration, egroupware-resources, egroupware-sambaadmin, egroupware-sitemgr, egroupware-timesheet, egroupware-tracker, egroupware-wiki
Description: web-based groupware suite - metapackage
 eGroupWare is a web-based groupware suite.  It is a flexible framework
 capable of hosting applications such as group calendar, addressbook,
 e-mail, accounting, inventory, and more.  These applications share a
 user store and a flexible access control system to control information
 sharing.  At the core there is an API for PHP that allows creating new
 web-based applications that work within this framework.
 .
 This package is a metapackage containing dependencies on all the
 eGroupWare applications.  It can be used to conveniently install
 eGroupWare with all available applications.
Original-Maintainer: Peter Eisentraut <petere at debian.org>
Homepage: http://www.egroupware.org/
nils at kfunambol:~$

** Affects: egroupware (Ubuntu)
     Importance: Undecided
         Status: New

-- 
table egw_access_log does not have primary key
https://bugs.launchpad.net/bugs/429281
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list