--- On Wed, 11/19/08, David E Jones <[EMAIL PROTECTED]> wrote:
> From: David E Jones <[EMAIL PROTECTED]>
> Subject: Re: framework release, icky internal dep
> To: [email protected]
> Date: Wednesday, November 19, 2008, 8:37 PM
> On Nov 19, 2008, at 11:31 PM, Adrian Crum wrote:
>
> >> From: David E Jones
> <[EMAIL PROTECTED]>
> >> Subject: Re: framework release, icky internal dep
> >> To: [email protected]
> >> Date: Wednesday, November 19, 2008, 8:23 PM
> >> On Nov 19, 2008, at 11:17 PM, Adrian Crum wrote:
> >>
> >>> --- On Wed, 11/19/08, David E Jones
> >> <[EMAIL PROTECTED]> wrote:
> >>>
> >>>> From: David E Jones
> >> <[EMAIL PROTECTED]>
> >>>> Subject: Re: framework release, icky
> internal dep
> >>>> To: [email protected]
> >>>> Date: Wednesday, November 19, 2008, 7:57
> PM
> >>>> We should probably just move the admin
> account
> >> data (the
> >>>> parts that are framework specific, ie the
> partyId
> >> and such
> >>>> should stay higher level) to the common
> component
> >> or
> >>>> something.
> >>>>
> >>>> In real life though, this is only useful
> for
> >> demonstration
> >>>> and technically no "admin"
> account
> >> should ever
> >>>> exist, only accounts for specific
> individuals.
> >> This is a
> >>>> good general practice and necessary for
> things
> >> like PCI
> >>>> compliance.
> >>>
> >>>
> >>> Seriously? If you have a framework-only
> installation,
> >> how would you log in to the framework without at
> least one
> >> user login? Even operating systems give you one
> login to
> >> start off with.
> >>
> >> That may be true of operating systems in days of
> yore, but
> >> these days the generally accepted practice is for
> NO ONE to
> >> use the root account, except perhaps for low-level
> system
> >> maintenance, and instead use "sudoers"
> and other
> >> similar concepts, ie users that have
> administrative
> >> privileges. I think it's for the same reason
> as used in
> >> PCI stuff, namely funny words like
> "traceability"
> >> and "auditability" and
> "analenablement"
> >> (note: one of those three is a joke ;) ).
> >
> > So, if I install a modern operating system, I have no
> way to log in and create users?
>
> Sure there's a way... creating users has been a part of
> every OS install I've used in recent memory (Linux, OSX,
> and Windows).
>
> > I think there's some confusion here. Here's
> what you're describing (from my perspective) - I install
> the OFBiz framework. I want to set up users for the
> framework. Oops, there is no way to log in to do that.
> I'm locked out. I can't use the framework.
> >
> > Operating systems provide the root account so you can
> create user accounts. Why can't OFBiz do the same?
>
> Settle down. I didn't say it couldn't I said it
> shouldn't. You should use individual user accounts with
> admin permissions to create new accounts, except the
> bootstrap account during installation (which is usually done
> through pre-loaded data in OFBiz right now).
Aha! There's the missing bit of info. So, I can't just download and install the
framework, I have to muck around with XML files before firing it up for the
first time.
Understood. ;-)
-Adrian
