From: "Adrian Crum" <[email protected]>
I suggested having the admin user login and password in the framework. A couple of people responded that doing so would open up a
security hole. I asked how a user would log into a new installation if there was no initial user login and password. The discussion
stopped there.
-Adrian
Yes the old "Hen and the egg" :D
http://en.wikipedia.org/wiki/Chicken-and-egg_problem
Jacques
--- On Sun, 1/25/09, David E Jones <[email protected]> wrote:
From: David E Jones <[email protected]>
Subject: Re: Question about hashed passwords in seed data
To: "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: Sunday, January 25, 2009, 12:42 PM
Maybe you understood incorrectly, if you are referring to
what I think you are.
-David
On Jan 25, 2009, at 13:01, Adrian Crum
<[email protected]> wrote:
> --- On Sun, 1/25/09, Jacopo Cappellato
<[email protected]> wrote:
>> Also, I would like to move the UserLogin record
for the
>> "admin" and "system" UserLogin
>> (including the relevant entries in the
>> PasswordSecurityData.xml file) from the
securityext to the
>> security component, i.e. from the applications to
the
>> framework.
>>
>> In this way we will be able to log in to the
webtools
>> application even if we are running a framework
only version
>> of OFBiz.
>
> I suggested that some time ago and the reply was that
there were to be no user login IDs or passwords supplied
with the framework.
>
> -Adrian
>
>
>
>
