Skip to content

Enforce SCRAM-SHA-256 DB Auth and Configurable LAN Networking#171

Open
tyronechrisharris wants to merge 112 commits intoopensensorhub:masterfrom
tyronechrisharris:jules-sync-22716396113
Open

Enforce SCRAM-SHA-256 DB Auth and Configurable LAN Networking#171
tyronechrisharris wants to merge 112 commits intoopensensorhub:masterfrom
tyronechrisharris:jules-sync-22716396113

Conversation

@tyronechrisharris
Copy link

@tyronechrisharris tyronechrisharris commented Mar 5, 2026

This submission enhances the security of the OSCAR system by implementing robust database authentication and flexible networking.

Key changes include:

  1. SCRAM-SHA-256 Enforcement: Updated the PostGIS Docker configuration to use SCRAM-SHA-256 authentication during initialization.
  2. Docker Secrets Integration: All launch and run scripts now generate a secure, random database password (stored in .db_password) and inject it into the container via POSTGRES_PASSWORD_FILE. The OSH Java backend has been modified to prioritize reading credentials from this secret file at runtime.
  3. Configurable LAN Networking: Added support for the DB_HOST environment variable across all launch scripts and the backend logic, allowing the database to be hosted on a separate machine on the same LAN.
  4. Secure Connectivity: The OSH backend now enforces TLS for all PostGIS connections by default (ssl=true).
  5. Cross-Platform Utilities: Created backup.sh/bat and restore.sh/bat in the repository root for safe and easy database maintenance, respecting the new security and networking configurations.
  6. Credential Sanitization: Removed all instances of the hardcoded "postgres" password from configuration files and scripts.

These changes were implemented while maintaining full compatibility with the OpenSensorHub framework and OSH persistence modules.

Fixes #28

🔄 Auto-Distributed via AI Sync

Original Flat Repo PR: tyronechrisharris/oscar-flat#39

mdhsl and others added 30 commits September 24, 2025 18:14
@mdhsl
Update driver to use validTime for feature as a specific column as ts…
4f9843a 
…range indexed column; fix system serialization/deserialization
@mdhsl
Remove useless classes
b0db77c
@mdhsl
Fix wrong selectLastVersionByUidQuery() function for system
bc8fb87
@mdhsl
Do not insert a new system if it already exists: check the uniqueId
31da427
@mdhsl
Fix datastream issues with validTime
c7f91de
@mdhsl
Fix datastreams validTime
4c90585
@mdhsl
Fix issue with non thread safe batchPrepareStatement object; improve …
2cc3779 
…batch mode
@mdhsl
Add FoiFilter to filter Obs and fix PostgisFeature unit tests
3de0277
@mdhsl
Increase timeout and connection max life time
5d47070
@mdhsl
Update driver to use validTime for feature as a specific column as ts…
1b76079 
…range indexed column; fix system serialization/deserialization
@mdhsl
Remove useless classes
d7f2e4e
@mdhsl
Fix wrong selectLastVersionByUidQuery() function for system
f1f1d1c
@mdhsl
Do not insert a new system if it already exists: check the uniqueId
c98b862
@mdhsl
Fix datastream issues with validTime
21e2f9e
@mdhsl
Fix datastreams validTime
ec0a20b
@mdhsl
Fix issue with non thread safe batchPrepareStatement object; improve …
7412f03 
…batch mode
@mdhsl
Add FoiFilter to filter Obs and fix PostgisFeature unit tests
18ff4f5
@mdhsl
Increase timeout and connection max life time
925d872
@earocorn
Update command status serialization for osh-core changes and add inli…
6877aba 
…ne records serialization
@mdhsl
Merge pull request opensensorhub#125 from earocorn/cmd-status-seriali…
94ac11f 
…zation

Update command status serialization for osh-core changes and add inli…
@mdhsl
Fix BigId due to osh-core changes on command API
73d0eb7
@mdhsl
Fix merge
87d4828
@mdhsl
Use config to specify batch mode
2777dd8
@mdhsl
Clear the ThreadSafeBatchExecutor after closing connection
b2b8688
@mdhsl
Fix drop() into Postgis store add Add support for streaming into Feat…
4d41300 
…ureDatabase
@mdhsl
Centralize the use of JDBC connection; add streaming data for OBS, FE…
30f8565 
…ATURE and command; fix blocking connection while executing a DROP request; improve the use of batch
@mdhsl
Add support of obsFilter for FOI queries
cda8bde
@mdhsl
Speed up the batch mode by using addBatch for Feature
9313123
@mdhsl
Change logic when using InnerJoin to add condition directly after the…
a1c9cdd 
… Join instead at the end using WHERE
@mdhsl
Add support for batch removing into obs table; Use validTime into Foi…
6c96e76 
… query to select corresponding query
mdhsl and others added 30 commits November 18, 2025 20:16
@mdhsl
Fix some indexes and improve genericity
cfa6097
@mdhsl
Replace Timestamp With TZ by Timestamp and insert time as UTC
3fbfa1e
@mdhsl
Replace Timestamp With TZ by Timestamp and insert time as UTC
bc5ff1d
@earocorn
Fix merge
ebbbaa1
@earocorn
Upgrade connection pool size to 50. Fix system valid time filter
918a820
@earocorn
Synchronize on all add/put/remove. Query DataStream time ranges in se…
2e45f6c 
…lectEntries
@earocorn
Fix value predicate paging
9cb8030
@earocorn
Remove synchronized methods
754b97e
@earocorn
Use JSONB for obs table and reorder upon deserialization
e9334f9
@earocorn
Remove limit cap when using val predicate
8c41a2d
@earocorn
Add includeMembers filter to UID query
d83e097
@earocorn
Merge master into fix-postgis-commands
aeb59e6
@earocorn
Use cursor-based pagination with phenomenonTime on obs
347b1e0
@earocorn
Fix issue with AsynchronousSocketChannel on Windows
294fdfa
@earocorn
Synchronize and null check in FFmpeg transcoding
81d14db
@earocorn
Update datastream time ranges to use a SQL TRIGGER
915f21c
@earocorn
Add Hikari config
91aa4a9
@earocorn
Add CQL filter to postgis obs store
c6ea923
@earocorn
Update CQL to use @> operator, as well as observed property filter
92235ef
@earocorn
revert datastream query to use jsonb_path_exists
d0846a0
@earocorn
Link obs store to system store
448b993
@earocorn
Revert to ObsIteratorResultSet and fix some query filters
a0b73ee
@earocorn
Revert put() to use update statement
d406d62
@earocorn
Use pgtimestamp instead of date for times
a359156
@earocorn
Limit 1 for select last ID query
56d48bc
@earocorn
Add descending order param to obs queries
fb0e755
@earocorn
Increase socket timeout to 5 minutes
ce66c7f
@earocorn
Fix bug where Vector not serialized properly
1a5fde5
@earocorn
Reduce pool size to 20
c26e214
@github-actions
Auto-sync Jules updates: Enforce SCRAM-SHA-256 DB Auth and Configurab…
e843d0a 
…le LAN Networking
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

add option for inverting tilt commands to Dahua Cam Driver

5 participants

@tyronechrisharris @mdhsl @earocorn @BillBrown341 @alexrobin