Hello !
I working now on some user management Palo 1.5 interface implemented on PHP via PHP API (legacy). In my understanding i should use standard mechanisms to access to the SYSTEM database. I can successfully add users to the SYSTEM database (palo_eadd and palo_dataset) and remove users from SYSTEM database by palo_edelete. Algorithm looks like this:
//Adding user
$res = palo_eadd($conn,'SYSTEM','#_USER_','S','some1','',1.0,FALSE);
$u_p = array('some1','password');
$u_g = array('some1','poweruser');
$res = palo_dataset($conn,'SYSTEM','#_USER_USER_PROPERTIES', $u_p,'educator',FALSE);
$res = palo_dataset($conn,'SYSTEM','#_USER_GROUP', $u_g, '1' ,FALSE);
//Removing user
$res = palo_edelete($conn, 'SYSTEM','#_USER_','some1');
So, when i made these changes to the system database i get my SYSTEM database corrupted and Palo can not to start anymore (Linux platform and Windows as well). It seems like some issue for me, because i expecting that Palo support data integrity checks on operations like this.
By the way - as i can see user's passwords stored in plain text format in the database - security issue as well from my point of view.
If i do something wrong please help me get the point in SYSTEM database operations. Thank you very much.
