Comments (5)
april
commented on August 23, 2024
These accounts are setup by the Docker process and the passwords are here:
https://github.com/mozilla/http-observatory/blob/master/httpobs/database/schema.sql.docker.sql
If you have documentation on how to make the docker process work more smoothly, I'd love to add it.
from http-observatory.
briner
commented on August 23, 2024
Oh I think we misunderstood each other.
Let me explain the context.
I did not use doker at all. I only used the docker-compose.yml as a documentation.
We see in docker-compose.yml that the api and the scanner users have a different user/password to connect to the database. In the same manner, we observe these users have different GRANT (here, here)
As I'm not using docker to run the whole software, I try to understand where and how I can setup a configuration file for the api and for the scanner, so that they read their respective user/password to connect to the database.
For the scanner, I found that it is reading /etc/httpobs.conf in the httpobs/conf module.
Now, for the api, I've setup the user/password as an environment in systemd. I do not really like that the process take its user/password within the environnement or within the systemd service.
So the question are:
- Where the api reads its configuration from ?
- Does it read it from /etc/httpobs.conf ?
- If so, what lines should I add to it to setup the user/password for api process.
from http-observatory.
briner
commented on August 23, 2024
I finally decided to debug this part. I verifide that httpobs.conf was read by the process with a strace. So it did.
I modified the httpobs/conf/__init__.py to add some prints, and realize that it does read the pass stored in the section database. But scanner and the api does use the same user/password to connect to the database.
So I'm a bit stucked as the schema use two different users and that httpobs.conf does not give this abilitiy.
from http-observatory.
april
commented on August 23, 2024
So the scanner and API were specifically designed to be run on separate machines for security reasons. There are fields that one can write to that the other can only read from.
That said, if you want to run them on the same machine, you have a couple options:
- Create a user account for each, and put the configuration in ~/.httpobs.conf
- Set the HTTPOBS_DATABASE_USER and HTTPOBS_DATABASE_PASS environmental variables for each of their respective processes. That's what I do for local development.
from http-observatory.
briner
commented on August 23, 2024
Thanks for your clarification.
Seems good to me to close it.
from http-observatory.
Related Issues (20)
- Not Working for localhost website HOT 2
- Content Security Policy (CSP) implemented unsafely HOT 1
- Update Observatory's user agent HOT 3
- Don't recommend "Deny by default" when prefetch-src is experimental
- Use "raw" headers when parsing CSP
- Allow multiple headers when parsing CSP HOT 7
- Can't run it on ARM Mac HOT 2
- FAQ links to non-existent site (htbridge.com/ssl) HOT 1
- database-down HOT 3
- .
- Installation Error (Error in anyjson package.) HOT 1
- CSP in <meta> is not analyzed when sent together with CSP in header HOT 2
- mozilla
- Blank http-equiv causes CSP test to fail with 'csp-header-invalid'
- requires.io is gone HOT 1
- Docker Compose up - not working due to old version of python HOT 1
- Set-cookie: HttpOnly flag seems to misinterpreted by Observatory checks
- Problematic advice regarding cookies with HSTS without secure flag
- Error: HTTP Observatory is down HOT 3
- Localhost check is too broad
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from http-observatory.