Brian Kolaci wrote: > Yes, however when that was done, there was never a > concept of enforcing limits back then. Justin just submitted
Again, I think you're wrong. As early as 4.1 there was quotas of some sort. I believe the limits you're refering to those that are specified in the .qmailadmin-limits file, which are a function of qmailadmin to limit how many accounts, etc, a postmaster can create. > a patch to actually enforce these limits at, yes, the API level > where it belongs. This *will* break if you insert into a backing > store directly. Exactly what limits are you refering to? > > I still believe: Bypassing the supplied API is a kludge. > > (A raw datastore is *not* an API, you lose control over > validation and many other features if you don't have a > single thread of control over these. I don't believe the > original author understood the implications of that statement > and probably didn't do a request for comments on the list > prior to that). > Ken, as the original author, could you please enlighten us with your though process instead of us guessing? > I'll agree that qmailadmin should also have some recovery > code built into it, however I still disagree that anyone should > ever insert directly into a datastore. I strongly disagree, and I'm doing it for a email service I run for a non-profit. The potential user enters the username they want, I check to make sure there is no other user or alias with that name, I "reserve" that username for 30 min, get the credit card number from them, processes it, and if the charge goes through, I insert a record with the username, domain, crypted and clear text password and quota. The account is now available for immediate use. So explain to me exactly what validation and other features I've lost control over? > Brian Dave
