Hello :) It's ok for me, I will fulfill the expectations.

On Wed, 2012-03-07 at 18:16 +0000, Olivier Dony (OpenERP) wrote:
> On 03/06/2012 04:12 PM, Samus CTO (OpenERP) wrote:
> > Of course we can use more descriptive vars but I have the habit to simplify
> > iterators/indexes (column c, line l, index i, option o, value v), not just
> > integers.
>
> I was simply emphasizing that it's always better to be readable than concise.
> If you have other habits, now may be a good time to change them ;-)
> It literally takes negligible time for you to think and use a readable name
> that will be self-explaining for all future readers of the code you write.
> Having a one-letter name can sometimes increase readability when it is only
> used on its own line (as is the case for a lambda or a list comprehension), but
> in all other cases it's just laziness and hurts readability.
>
> > About the security issue I think it's not really the business of our
> > application.
>
> On the contrary, it is an important issue that OpenERP has to consider, because
> users trust business critical private data to the system.
> An average sysadmin will take obvious measures to protect the data such as not
> giving physical access or root access to the server to everybody, but that is
> usually not enough. Great applications can help by taking proactive steps to
> avoid leaking sensitive data outside of the application's control without the
> admin noticing.
> I think this is one of them: we can help the admin avoid a not-so-obvious leak.
>
> > Please read the following examples:
> > * Many people love to make their configuration file readable by all. But we
> > don't check permission of our config files and it's not the role of our
> > application
>
> I don't think they "like" to do it. They just keep the default permissions that
> the system assigns, period. Why do you think SSH won't accept a config file or
> key file that is not strictly chmoded 600?
> Actually it's a good point, we should do the same for the OpenERP config file,
> which contains the same sensitive information as the environment - its
> permissions should be checked.
>
> > * Most programs make users able to enter a password in their command-line to
> > allow scripting. The trick, I guess, is to make no user able to read the
> > script but to execute it (example ldapsearch
> > http://linux.die.net/man/1/ldapsearch)
>
> Perhaps one reason they do it is because they are not meant to be long-running
> and don't leave an obvious track in the process list. Or just because they do
> not consider their software to be sensitive enough. I think we should be more
> cautious and look at the better examples rather than the worse ones ;-)

--
https://code.launchpad.net/~openerp-dev/openobject-server/trunk-environment-vars-cto/+merge/94564
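The "do what SSH does for the config file" suggestion above, written out as an added example (not code from the thread or from OpenERP): a check that refuses a credentials file whose permission bits go beyond owner read/write. The function names, the `[options]`/`db_password` sample content and the 0600 limit are assumptions for illustration; it assumes a POSIX filesystem where chmod bits are honoured.

```python
import os
import stat
import tempfile

# Hypothetical helper in the spirit of the thread: before reading a config
# file that holds a database password, refuse it if group or others can
# touch it, the way ssh refuses an overly permissive key file.

MAX_MODE = 0o600  # owner read/write only; any wider permission is refused


def check_config_permissions(path, max_mode=MAX_MODE):
    """Return (ok, message) for a config file holding credentials.

    ok is False when the file cannot be stat'ed, is not a regular file, or
    has any permission bit set outside max_mode (e.g. group/world readable).
    os.stat follows symlinks, so the target's permissions are what is checked.
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, "cannot stat %s: %s" % (path, exc)
    if not stat.S_ISREG(st.st_mode):
        return False, "%s is not a regular file" % path
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~max_mode  # bits that must not be set
    if extra:
        return False, ("%s has mode %04o; bits %04o must be cleared "
                       "(expected at most %04o)" % (path, mode, extra, max_mode))
    return True, "%s has mode %04o, ok" % (path, mode)


def write_sample_config(mode):
    """Create a constructed throwaway config file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write("[options]\ndb_password = example-only\n")  # constructed
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # A world-readable file is rejected, a 0600 file is accepted.
    for mode in (0o644, 0o600):
        path = write_sample_config(mode)
        print(check_config_permissions(path)[1])
        os.unlink(path)
```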

