[PATCH] lib: Grant SELECT on auth_user
stephen at that.guru
Mon Dec 14 05:20:15 AEDT 2020
On Sat, 2020-11-28 at 17:35 +0000, Stephen Finucane wrote:
If a mail arrives with the 'X-Patchwork-Delegate' hint header, the
'patchwork.parser' script will need to index the users table to find the
appropriate user. This should be okay from a security perspective since
passwords are hashed and salted and the rest of the information is
mostly accessible publicly via the web UI and REST API.
Signed-off-by: Stephen Finucane <stephen at that.guru>
Suggested-by: Ali Alnubani <alialnu at mellanox.com>
I've applied this and backported it to stable/2.2.
More information about the Patchwork