Part 3 of a more secure default set up

With this commit, the hardcoded default barcode is replaced by an
MD5 hash of a random string of numbers, preventing the barcode from
being used as a known login name in the OPAC interface (which would
remove one of the factors required in a brute forcing of the account
credentials).

You probably don't want to change the barcode for the admin user,
but if you feel the need you can use the usual patron editor in
the staff client.

Thanks to Thomas Berezansky for suggesting this additional change.

git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_2_0@19246 dcc99617-32d9-48b4-a31d-7c20da2025e4

diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index 882e3e0..59728a9 100644 (file)
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -2155,8 +2155,8 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SE
 INSERT INTO actor.usr ( profile, card, usrname, passwd, first_given_name, family_name, dob, master_account, super_user, ident_type, ident_value, home_ou ) VALUES ( 1, 1, md5(random()::text), md5(random()::text), 'Administrator', 'System Account', '1979-01-22', TRUE, TRUE, 1, 'identification', 1 );
 
 -- Admin user barcode
-INSERT INTO actor.card (usr, barcode) VALUES (1,'101010101010101');
-UPDATE actor.usr SET card = (SELECT id FROM actor.card WHERE barcode = '101010101010101') WHERE id = 1;
+INSERT INTO actor.card (usr, barcode) VALUES (1,md5(random()::text));
+UPDATE actor.usr SET card = (SELECT currval('actor.card_id_seq')) WHERE id = 1;
 
 -- Admin user permissions
 INSERT INTO permission.usr_perm_map (usr,perm,depth) VALUES (1,-1,0);