From ec5d55a9f7459835f61bffa85d51f35b06ade105 Mon Sep 17 00:00:00 2001 From: index-git Date: Thu, 25 Jan 2024 11:11:18 +0100 Subject: [PATCH] Document JDBC role service password stored as plaintext --- doc/env-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/env-settings.md b/doc/env-settings.md index d3e171938..b313ad429 100644 --- a/doc/env-settings.md +++ b/doc/env-settings.md @@ -95,6 +95,7 @@ List of [users](models.md#user) and [roles](models.md#role) giving them permissi ### LAYMAN_ROLE_SERVICE_URI URL of [Role Service](security.md#role-service) with DB schema in format `postgresql://:@:/?schema=`. URL scheme must be `postgresql`. URL host must be mentioned explicitly, as well as DB schema in `schema` URL query parameter. If you want to use [internal role service schema](security.md#internal-role-service-schema) provided by Layman, set value to `postgresql://:@:/?schema=_role_service` (replace variable names with their values). +Password is stored as plaintext in GeoServer config file. One of solutions of this security issue is to create DB user exclusively for this purpose with read-only rights for role-service tables/views. ## Layman Test Client Settings