Ok, like to see the Jira you create.

Mike sent the following on 8/4/2011 4:25 PM:
> BJ, I fail to see how this could possibly be a feature.  Right now,
> I'm at the level where I fiddle around with the code.  As a new user,
> should I be expected to have to review the code to see if it stands up
> to security standards?  I don't know much, but I do know when
> something isn't right, and this happens to be one of those.  In the
> real world, people use friendly names to send/receive email and
> conduct business.  They shouldn't be expected to remember a user name
> like mikej49q because an application needs obfuscation to protect
> itself.
> 
> I would hope that maybe this feature could be reduced to a certain
> sub-set of users, whose login name is optionally in the format of an
> email address, and maybe require a captcha code to prevent dictionary
> attacks.
> 
> On Thu, Aug 4, 2011 at 10:56 AM, BJ Freeman <bjf...@free-man.net> wrote:
>> Yes David, if it is a bug, but by your definition many times this is a
>> feature.
>> My point of the second paragraph that you did not include
>> 1) part of the solution providing a way to circumvent security issues
>> not part of ofbiz but how one sets up ofbiz
>> 2)the issues are addressed if one reads the code.
>>
>> David E Jones sent the following on 8/4/2011 8:38 AM:
>>>
>>> On Aug 4, 2011, at 6:39 AM, BJ Freeman wrote:
>>>
>>>> It sounds like you are speaking of Ofbiz as a finished product, in which
>>>> case I agree with your first paragraph. However Ofbiz is not a finished
>>>> product and is meant for Consultants to set up for end users. The
>>>> consultant should know this information and make the application they
>>>> set up for their client fully secure.
>>>
>>> Sorry BJ, this simply isn't true. If there is something bad in the project 
>>> it should be changed.
>>>
>>> By your line of reasoning everyone doing consulting based on OFBiz should 
>>> keep a big list of issues to address every time they do anything for a 
>>> client… wouldn't it be better to just fix those things and be done with it?
>>>
>>> -David
>>>
>>>
>>
> 
