Workbench Passwords Removal Proposal #99
A message was sent to the group https://lists.openmainframeproject.org/g/genevaers-discussion from email@example.com that needs to be approved.
View this message online
reviewing an issue re management of passwords led me to think about the
We currently do not manage our passwords in a way that will comply with the
I partially understand how to fix the issue.
But let's stand back and think about what the workbench is and where we
As a step towards that I propose we think of the workbench as an editor.
As such I think we should remove any password storage from the workbench
Similarly the business of logging into the workbench is not really needed.
Share an environment with others. But treat the workbench just as an editor.
Or maybe just use a local database.... that is then much more like an
This will greatly simplify it and the need for management of accounts etc,
What about someone accidently deleting things? Yep, a valid concern. Open
Reply to the group with comments etc. And we can maybe discuss in our
Looking forward to hearing from you. We need to figure out what we are
The text was updated successfully, but these errors were encountered:
Having been discussing this with others an idea is to use different database schemas as the means of separating access. This can be controlled by the database itself. And thus we will not require our own management. Or need to manage the security groups.
But what about shared metadata I hear you say. Then make a schema dedicated to sharing metadata etc. And if needed migrate via export and import the data needed to a schema controlled by a given team.
Having discussed today more on the daily scrum call, we will be continuing to remove the code in the interest of making the project more agile for our code release. This discussion has been helpful because it has: (1) to reaffirm the committer responsibilities and how the project works, (2) highlighted the need for key decisions to be documented in issues for the broader community, (3) allows us to continue to consider that although we are not focused on backwards compatibility in the next release, we do not want to lose the value of our experience with our users in considering what will be of value in the future.
TSC discussion that a script at database creation will install the USER ID in the GenevaERS environment in the GenevaERS database. The workbench would prompt for a TSO USER ID and Password; the workbench would then use the TSO ID to verify that the USER ID exists in the GenevaERS database. The Workbench would also verify that the TSO PW is valid. This will assure that the person entering this ID is the person that is logging into the system. Thus the PW is never stored in the GenevaERS database; but we have not disabled all the security code.
Passed by the slimmest of margins.