Remove the generateHttpPassword capability

Remove the Generate HTTP Password capability because it exposes a security vulnerability. Any user that is granted this capability can modify an administrator's http password and impersonate the admin user. Other reasons for removing this capability are that the usage of it is inconsistent with the modifyAccount capability and this capability encourages adding additional capabilities to restrict permissions, which is not desired. With this change only administrators are allowed to generate and delete other users' http passwords. The motivation behind this change is from comments in changes Ib1971fad and If8296539. Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8
2014-09-25 13:59:28 -07:00
parent c563e98d9b
commit cf9bce2191
9 changed files with 5 additions and 28 deletions
--- a/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties
+++ b/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties
@@ -5,7 +5,6 @@ createGroup = Create Group
 createProject = Create Project
 emailReviewers = Email Reviewers
 flushCaches = Flush Caches
-generateHttpPassword = Generate HTTP Password
 killTask = Kill Task
 modifyAccount = Modify Account
 priority = Priority