On Nov 19, 2008, at 11:31 PM, Adrian Crum wrote:
From: David E Jones <[EMAIL PROTECTED]>
Subject: Re: framework release, icky internal dep
To: dev@ofbiz.apache.org
Date: Wednesday, November 19, 2008, 8:23 PM
On Nov 19, 2008, at 11:17 PM, Adrian Crum wrote:
--- On Wed, 11/19/08, David E Jones <[EMAIL PROTECTED]> wrote:
From: David E Jones <[EMAIL PROTECTED]>
Subject: Re: framework release, icky internal dep
To: dev@ofbiz.apache.org
Date: Wednesday, November 19, 2008, 7:57 PM
We should probably just move the admin account data (the parts that
are framework specific, i.e. the partyId and such should stay higher
level) to the common component or something.
In real life though, this is only useful for demonstration and
technically no "admin" account should ever exist, only accounts for
specific individuals. This is a good general practice and necessary
for things like PCI compliance.
Seriously? If you have a framework-only installation,
how would you log in to the framework without at least one
user login? Even operating systems give you one login to
start off with.
That may be true of operating systems in days of yore, but these days
the generally accepted practice is for NO ONE to use the root account,
except perhaps for low-level system maintenance, and instead use
"sudoers" and other similar concepts, i.e. users that have
administrative privileges. I think it's for the same reason as used in
PCI stuff, namely funny words like "traceability" and "auditability"
and "analenablement" (note: one of those three is a joke ;) ).
So, if I install a modern operating system, I have no way to log in
and create users?
Sure there's a way... creating users has been a part of every OS
install I've used in recent memory (Linux, OSX, and Windows).
I think there's some confusion here. Here's what you're describing
(from my perspective) - I install the OFBiz framework. I want to set
up users for the framework. Oops, there is no way to log in to do
that. I'm locked out. I can't use the framework.
Operating systems provide the root account so you can create user
accounts. Why can't OFBiz do the same?
Settle down. I didn't say it couldn't, I said it shouldn't. You should
use individual user accounts with admin permissions to create new
accounts, except the bootstrap account during installation (which is
usually done through pre-loaded data in OFBiz right now).
-David