David, this is a great suggestion and I have implemented it in rev. 739563.
Here is the commit log: Three new ant targets defined:* run-install-readers to pass the comma separated list of data readers (IMO this task should be named "run-install" and the existing one should be renamed "run-install-demo")
* run-install-file to pass a file name to load data from* create-admin-user-login that prompts for a user login, then creates it with admin privileges and a temporary password equal to 'ofbiz'
The last task is useful to build and setup a framework only distribution; the steps to get, build and run the OFBiz framework with seed data only are:
1) checkout OFBiz 2) remove the applications and specialpurpose folders 3) ant run-install-extseed 4) ant create-admin-user-login (and enter a user login id when prompted)5) start ofbiz and login with the user login id created in step 4 (use the password 'ofbiz')
6) change the password when prompted Jacopo On Jan 30, 2009, at 10:34 PM, David E Jones wrote:
That ant target to setup a user would be cool (and hopefully not too hard to implement... I don't know as I've never tried). If we're going to do that for seed-only (or seed, ext) data loading why not also get a username instead of using admin? Having the admin user in demo data is great, but for other installations it's nice to not have any of the OOTB users (except the system user that should be part of seed data), just new users that are setup that are specific to the organization.So, yeah, sounds like a good plan. -David On Jan 30, 2009, at 2:45 AM, Jacopo Cappellato wrote:I just spent some more time thinking about this and I would like to share with you the following idea:1) add a new ant task that prompts the user to enter a password for the admin user: the password will then be stored in the db 2) the above task will be executed the seed-initial target is run; if the password is not provided, the admin user is not created 3) running run-install (demo data) will automatically set the admin password to "ofbiz" as it is nowDoes it make sense? Jacopo On Jan 26, 2009, at 12:21 AM, Jacopo Cappellato wrote:I can understand the concerns about security but... since the passwords are loaded only by the seed-initial target (aka "ant run- install-extseed") I'd say that, if you run that task, it should be pretty clear what you are doing. A framework upgrade (aka "svn up framework" and "ant run-install- seed") will not be affected by this change. Actually, the "admin" user will be created (if not already there) but with empty password... hmmm, is it the concern about the security hole? Yes, this could be an issue, but only for existing db without admin user already defined. However I think we need to find a compromise so that it will be possible to log in into a framework only setup. Any suggestions? (maybe just adding a clear message in the ant output that explains what is happening when you run that task?Jacopo On Jan 25, 2009, at 9:59 PM, Adrian Crum wrote:I suggested having the admin user login and password in the framework. A couple of people responded that doing so would open up a security hole. I asked how a user would log into a new installation if there was no initial user login and password. The discussion stopped there.-Adrian--- On Sun, 1/25/09, David E Jones <[email protected]> wrote:From: David E Jones <[email protected]> Subject: Re: Question about hashed passwords in seed data To: "[email protected]" <[email protected]> Cc: "[email protected]" <[email protected]> Date: Sunday, January 25, 2009, 12:42 PM Maybe you understood incorrectly, if you are referring to what I think you are. -David On Jan 25, 2009, at 13:01, Adrian Crum <[email protected]> wrote:--- On Sun, 1/25/09, Jacopo Cappellato<[email protected]> wrote:Also, I would like to move the UserLogin recordfor the"admin" and "system" UserLogin (including the relevant entries in the PasswordSecurityData.xml file) from thesecurityext to thesecurity component, i.e. from the applications totheframework. In this way we will be able to log in to thewebtoolsapplication even if we are running a frameworkonly versionof OFBiz.I suggested that some time ago and the reply was thatthere were to be no user login IDs or passwords supplied with the framework.-Adrian
smime.p7s
Description: S/MIME cryptographic signature
