Strip Admin Users In Development DB Dump #309

merged 2 commits into from
Sep 19, 2017



Magerun pull-request check-list:

  • Pull request against develop branch (if not, just close and create a new one against it)
  • reflects changes (if any)

Subject: Strip Admin Users In Development DB Dump

For security purposes, it's better to strip admin* and authorization* when dumping a production database for non-production use. For example, the production database could be restored to staging with production admin user data. The staging environment may not have the same level of security as production (e.g. default admin route, not rate limiting brute force password guessing). An attacker could leverage the staging environment to identify production user credentials and then use them to obtain access to the production system.

Changes proposed in this pull request:

  • admin* and authorization* are stripped when running a development db dump

If the maintainers agree with this change, I can additionally issue a pull request to n98-magerun.

@cmuench cmuench merged commit 69f3445 into netz98:develop Sep 19, 2017

cmuench commented Sep 19, 2017

