Old Release

This documentation relates to an old version of VIVO, version 1.9.x. Looking for another version? See all documentation.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

How can I get access to a VIVO database?

This question most commonly arises when someone ships dump of a MySQL database to a developer at another site, for testing or debugging purposes. The sender of the data may be reluctant to provide the password to the root account, either because

  • they do not wish the developer to know their root password, or
  • they do not wish to use unsecured media to send their root password.

So the developer faces a puzzle. They can load the data into MySQL, they can start an instance of VIVO and give it access to the data, but they cannot log in to that VIVO because they don't know the password.

How to get access to a VIVO instance without knowing the root password?

This page is intended to make access easier for VIVO developers and maintainers.An attacker cannot use these techniques to gain access to your VIVO installation. These techniques can only be used by someone who already has full access to your installation.

VIVO release 1.6 and beyond

To gain access to the database, simply create a new root account.

  • Modify the runtime.properties file to include a root account of your choosing, and restart VIVO

    rootUser.emailAddress = new_root@mydomain.edu
  • Open VIVO in the browser. You will see a warning screen like the following:

    Click Continue to view the VIVO home page.
  • Log in using the new root account. The first-time password for your new root account will be rootPassword, and you will be asked to assign a new password.

You now have two root accounts, and you know the password to the new one. Use the User Accounts pages to either

  • Delete the old root account,
    or
  • Change the password on the old root account and delete the new root account.

VIVO releases from 1.3 to 1.5.2

These releases of VIVO include a "back door" to permit this operation. A developer can add a special file to the VIVO code, which will enable a special URL that will give access.

In more detail:

  • Create a file called friend.xml, containing a line like this: <date value="2013-02-18"/>, and put it in the [tomcat]/webapps/<vivocontext>/WEB-INF/classes directory. The date in the file must not be more than 1 week old. If you need to use this mechanism for more than 1 week, you will need to update the file. For example:

    cd /usr/local/tomcat/webapps/vivo/WEB-INF/classes
echo '<date value="2013-02-18"/>' > friend.xml
  • Go to http://localhost:8080/vivo/admin/friend (or whatever is correct for your host and port number and context path), and you are immediately logged in as root.
  • Go to the Site Admin page, User Accounts, and either change the password on the root account or create a new admin account for your use.

This back door will offer no diagnostics if it is attempted incorrectly. The /admin/friend URL will return a simple 404 status

  • if friend.xml does not exist
  • if friend.xml is in the wrong directory
  • if friend.xml is not in the correct format
  • if friend.xml contains a stale date

VIVO releases prior to 1.3

Older VIVO instances did not have a "root" account, per se. Instead, they had "default_admin" accounts.

It is possible to set a new password on the default_admin account using the command line interface to MySQL.

  • Find out the name of the default_admin account (in this example, the name is admin):

    mysql> select obj from jena_g3t1_stmt 
    ->    where subj = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/default#defaultAdminUser:' 
    ->      and prop = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/0.7#username:';
+-------------------------------------------------------+
| Obj                                                   |
+-------------------------------------------------------+
| Lv:0:39:http://www.w3.org/2001/XMLSchema#stringadmin: | 
+-------------------------------------------------------+
1 row in set (0.00 sec)

  • Set the password to rootPassword

    mysql> update jena_g3t1_stmt
    ->    set obj = 'Lv:0:39:http://www.w3.org/2001/XMLSchema#string4BBA69E66998C59F03530EE02C406CB0:'
    ->    where subj = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/default#defaultAdminUser:' 
    ->      and prop = 'Uv::http://vitro.mannlib.cornell.edu/ns/vitro/0.7#md5password:';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0

  • Log in with the name that you found in the first step, and the password of rootPassword.

  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.