IRC conversation in Cloud-Services
<jynus> I will do some cleanup to disable accounts that have not been used for over a year
<valhallasw`cloud> that might give us a lot of 'hey, I tried to continue with a project that had been lying there for a while and the database credentials don't work anymore' bugs
<jynus> I will do something like that, not necesarily like that, or witout coordination, etc.
<tom29739> There's more attack vectors if there's accounts sitting doing nothing.
<jynus> maybe in a way that the users could reenable it somehow
<tom29739> Maybe tie into that console.wmflabs.org thingy that bd808 is making.
<tom29739> Have an 'Enable/disable db user' button.
<bd808> tom29739: write a ticket up. I can't promise anything but it sounds like something worth looking into
Having database tools on this application would be very useful, it could maybe do the following:
- Create databases
- Delete databases
- Change permissions on databases (can currently only be done manually, for instance sharing a db between 2 tools).
- Enable and disable the database user (would be disabled by default)
- Reset database password
- Recreate replica.my.cnf
- Recreate grants
- SQL web terminal? (if the app is going to have a normal web terminal, then this can probably be disregarded)
- Yet more things?