From 1d86e6ab6259b7628065e30b3fb3961a2986c6da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=B6ger?= Date: Wed, 1 Jul 2026 15:22:29 +0200 Subject: [PATCH 1/2] Improve security of DB dump script - Do not prompt for password anymore - Disable production accounts after dump - Change tokens after dump to prevent accidental leak --- dump.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/dump.sh b/dump.sh index 259140b2a..ff42f0525 100755 --- a/dump.sh +++ b/dump.sh @@ -1,8 +1,20 @@ #!/bin/bash -e -psql -h localhost -U "$POSTGRES_USER" -d postgres -c "drop database if exists $POSTGRES_DB;" -psql -h localhost -U "$POSTGRES_USER" -d postgres -c "create database $POSTGRES_DB;" +export PGPASSWORD="$POSTGRES_PASSWORD" + +sql() { + psql -h localhost -U "$POSTGRES_USER" -d $1 -c "$2" +} + +sql postgres "drop database if exists $POSTGRES_DB;" +sql postgres "create database $POSTGRES_DB;" ssh "$REMOTE_DB" \ "pg_dump -O -x --exclude-table-data='serverdb_*' -d serveradmin | gzip -9 -c " \ | gunzip -c \ - | psql -h localhost -U "$POSTGRES_USER" -d "$POSTGRES_DB" \ No newline at end of file + | psql -h localhost -U "$POSTGRES_USER" -d "$POSTGRES_DB" + + +# To have less of a risk of accessing production and preventing token leaks +# we better disable applications and change tokens +sql "$POSTGRES_DB" 'update apps_application set disabled = true;' +sql "$POSTGRES_DB" "update apps_application set auth_token = substr(md5(random()::text || id::text), 1, 25);" From 1e0af395ff6c62734a79795e63b6bac28864220c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=B6ger?= Date: Fri, 3 Jul 2026 14:47:41 +0200 Subject: [PATCH 2/2] CodeReview: Exclude data from apps_application --- dump.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dump.sh b/dump.sh index ff42f0525..fafdff379 100755 --- a/dump.sh +++ b/dump.sh @@ -8,13 +8,12 @@ sql() { sql postgres "drop database if exists $POSTGRES_DB;" sql postgres "create database $POSTGRES_DB;" + +# We exclude some tables: +# +# - 'serverdb_*' because it is huge and usually not needed locally +# - 'apps_application' because it contains access tokens for production ssh "$REMOTE_DB" \ - "pg_dump -O -x --exclude-table-data='serverdb_*' -d serveradmin | gzip -9 -c " \ + "pg_dump -O -x --exclude-table-data='serverdb_*' --exclude-table-data='apps_application' -d serveradmin | gzip -9 -c " \ | gunzip -c \ | psql -h localhost -U "$POSTGRES_USER" -d "$POSTGRES_DB" - - -# To have less of a risk of accessing production and preventing token leaks -# we better disable applications and change tokens -sql "$POSTGRES_DB" 'update apps_application set disabled = true;' -sql "$POSTGRES_DB" "update apps_application set auth_token = substr(md5(random()::text || id::text), 1, 25);"