> From: David E Jones <[EMAIL PROTECTED]>
> Subject: Re: framework release, icky internal dep
> To: [email protected]
> Date: Wednesday, November 19, 2008, 8:23 PM
> On Nov 19, 2008, at 11:17 PM, Adrian Crum wrote:
>
> > --- On Wed, 11/19/08, David E Jones
> <[EMAIL PROTECTED]> wrote:
> >
> >> From: David E Jones
> <[EMAIL PROTECTED]>
> >> Subject: Re: framework release, icky internal dep
> >> To: [email protected]
> >> Date: Wednesday, November 19, 2008, 7:57 PM
> >> We should probably just move the admin account
> data (the
> >> parts that are framework specific, ie the partyId
> and such
> >> should stay higher level) to the common component
> or
> >> something.
> >>
> >> In real life though, this is only useful for
> demonstration
> >> and technically no "admin" account
> should ever
> >> exist, only accounts for specific individuals.
> This is a
> >> good general practice and necessary for things
> like PCI
> >> compliance.
> >
> >
> > Seriously? If you have a framework-only installation,
> how would you log in to the framework without at least one
> user login? Even operating systems give you one login to
> start off with.
>
> That may be true of operating systems in days of yore, but
> these days the generally accepted practice is for NO ONE to
> use the root account, except perhaps for low-level system
> maintenance, and instead use "sudoers" and other
> similar concepts, ie users that have administrative
> privileges. I think it's for the same reason as used in
> PCI stuff, namely funny words like "traceability"
> and "auditability" and "analenablement"
> (note: one of those three is a joke ;) ).
So, if I install a modern operating system, I have no way to log in and create
users?
I think there's some confusion here. Here's what you're describing (from my
perspective) - I install the OFBiz framework. I want to set up users for the
framework. Oops, there is no way to log in to do that. I'm locked out. I can't
use the framework.
Operating systems provide the root account so you can create user accounts. Why
can't OFBiz do the same?
-Adrian
