You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/using-gitbase/security.md
+20-20Lines changed: 20 additions & 20 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ User credentials can be specified in the command line or using a user file. For
8
8
gitbase server --user root --password r00tp4ssword! -d /my/repositories/path
9
9
```
10
10
11
-
If you want to have more than one user or do not have the password in plain text you can use a user file with this format:
11
+
If you want to have more than one user or not having the password in plain text you can use a user file with the following format:
12
12
13
13
```json
14
14
[
@@ -24,34 +24,34 @@ If you want to have more than one user or do not have the password in plain text
24
24
]
25
25
```
26
26
27
-
You can either specify a plain text password or hashed. Hashed version uses the same format as MySQL 5.x passwords. You can generate the native password with this command, remember to prefix the hash with `*`:
27
+
You can use a hashed or plain text password. Hashed version uses the same format as MySQL 5.x passwords. You can generate the native password with this command, remember to prefix the hash with `*`:
There are two permissions you can set to users, `read` and `write`. `read` only allows executing queries. `write` is needed to create and delete indexes or lock tables. If no permissions are set for a user the default permission is `read`.
33
+
There are two permissions you can set for users, `read` and `write`. `read` only allows executing read-only queries that do not modify the internal state or the data itself. `write` is needed to create and delete indexes or lock tables. If no permissions are set for a user the default permission is `read`.
34
34
35
-
Then you can specify which user file to use with parameter`--user-file`:
35
+
Then you can specify which user file to use with the`--user-file` parameter:
36
36
37
37
```
38
38
gitbase server --user-file /path/to/user-file.json -d /my/repositories/path
39
39
```
40
40
41
41
## Audit
42
42
43
-
Gitbase offer audit traces on logs. Right now, we have three different kinds of traces; for`authentication`, `authorization` and `query`
43
+
Gitbase offers audit traces on logs. Right now, we have three different kinds of traces:`authentication`, `authorization` and `query`
44
44
45
45
### Authentication
46
46
47
47
Trace triggered when a user is trying to connect to gitbase. It contains the following information:
48
48
49
49
- action: Always `authentication`.
50
50
- system: Always `audit`
51
-
- address: Address from the client that is trying to connect.
51
+
- address: Address of the client trying to connect.
52
52
- err: Human readable error if the authentication was not successful.
53
-
- success: True or false depending on if the client authenticated correctly or not.
54
-
- user: Username that is trying to connect
53
+
- success: True or false depending on whether the client authenticated correctly or not.
54
+
- user: Username trying to connect
55
55
56
56
Example:
57
57
@@ -65,13 +65,13 @@ Trace triggered checking when a user is authorized to execute a specific valid q
65
65
66
66
- action: Always `authorization`.
67
67
- system: Always `audit`
68
-
- address: Address from the client.
69
-
- success: True or false depending on if the client has been authorized correctly or not.
70
-
- user: Username that is trying to connect.
71
-
- connection_id: Unique connection identifier from the request is being done.
68
+
- address: Address of the client.
69
+
- success: True or false depending on whether the client has been authorized correctly or not.
70
+
- user: Username trying to execute the query.
71
+
- connection_id: Unique connection identifier of the current request.
72
72
- permission: Permission needed to execute the query.
73
-
- pid: Pid returns the process ID associated with this context. It will grow over the queries sent to gitbase.
74
-
- query: Query that the client is trying to execute.
73
+
- pid: Pid returns the process ID associated with this context. It will change in subsequent queries sent using the same connection.
74
+
- query: Query that client is trying to execute.
75
75
76
76
Example:
77
77
@@ -85,12 +85,12 @@ Trace triggered at the end of the executed query. It contains the following info
85
85
86
86
- action: Always `query`.
87
87
- system: Always `audit`
88
-
- address: Address from the client.
89
-
- success: True or false depending on if the query was executed or not.
90
-
- user: Username that is executing the query.
91
-
- connection_id: Unique connection identifier from the request is being done.
92
-
- pid: Pid returns the process ID associated with this context. It will grow over the queries sent to gitbase.
93
-
- query: Query that the client is trying to execute.
88
+
- address: Address of the client.
89
+
- success: True or false depending on whether the query was executed or not.
90
+
- user: Username executing the query.
91
+
- connection_id: Unique connection identifier of the current request.
92
+
- pid: Pid returns the process ID associated with this context. It will change in subsequent queries sent using the same connection.
93
+
- query: Query that client is trying to execute.
94
94
- err: If `success=false`. Human readable error describing the problem.
0 commit comments