Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-09-11 Thread Jacques Le Roux
Hi Gabriel, Your message has been moderated and sent to the dev ML. Please subscribe here http://ofbiz.apache.org/mailing-lists.html Thanks Jacques On 11/09/2018 at 15:05, Gabriel Oberreuter wrote: I think this feature will be really useful! We give support with other systems, and the

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-09-11 Thread Gabriel Oberreuter
I think this feature will be really useful! We give support with other systems, and the impersonation functionality is handy in lots of cases. Thanks! Will try it out in a couple of weeks. -- Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-09-10 Thread Gil Portenseigne
Hello all, A last patch is available for testing with the given improvements: * add a security property that disables the feature by default * add a security property that enables the production mode (impersonated user is informed about the impersonation and cannot act during the process) * add a

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-09-08 Thread Pierre Smits
Are we confident that this will not lead to a CVE when it will appear in a release? Best regards, Pierre Smits Apache Trafodion, Vice President Apache Directory, PMC Member Apache Incubator, committer

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Jacques Le Roux
Anyway, an admin can do that and many other things by directly poking in the DB. So not really a concern for me. Jacques On 20/08/2018 at 14:04, Pierre Smits wrote: Consider this: - having it enabled by default (as suggested by many) - enabling a user with higher privileges (suggested to

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Pierre Smits
Consider this: - having it enabled by default (as suggested by many) - enabling a user with higher privileges (suggested to be the OFBiz Admin) to impersonate someone with lower privileges - this user with higher privileges can now create/alter/etc... transactions in accounting, ordermgr,

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Taher Alkhateeb
I don't have a strong opinion on this, and I am open. My personal preference is perhaps to just 'login as' instead of impersonate with normal user login history. The reason for my preference is having the least amount of code written and least security worries. I find the impersonate feature also

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Jacques Le Roux
On 20/08/2018 at 10:50, Gil Portenseigne wrote: I hope you find this feature interesting? Reading you, I find out that no documentation is provided yet with this feature, we need to elaborate one, that will help us introducing it to business adopter and ‘boost their confidence’! Regards,

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Gil Portenseigne
Hello Taher, Thanks for your ideas, I think that had helped making it pop into Nicolas' answer to Pierre (that I just annotated). I hope the idea, that seems a mix of yours, could be good enough, a property that: * by default allow any impersonation to be done in non-preproduction env, without

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-20 Thread Gil Portenseigne
Hello! I am back and glad to have so much feedback :) Since Nicolas already answered, I'll add some precisions and opinions inline. On Tuesday 14 August 2018 at 18:17:14 (+0200), Nicolas Malin wrote: > Hello, > On 13/08/2018 10:09, Pierre Smits wrote: > > Impressive... > > [...] > The feature

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-14 Thread Nicolas Malin
Hello, On 13/08/2018 10:09, Pierre Smits wrote: Impressive... This seems to be an in-OFBiz equivalent of an OS take-over tool like Microsoft's Remote Desktop. The business case (and use cases) are explained insufficiently in this thread or in the ticket ([1]) why incorporating this in the repo

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-14 Thread Taher Alkhateeb
One idea that comes to my mind which might be useful is that we add a flag in general.properties that by default enables this feature, and we can then specify in the documentation that to secure OFBiz we need to disable this feature so that it can be used in development but disabled in production

Re: 答复: New Impersonate Feature : OFBIZ-10515

2018-08-13 Thread Pierre Smits
Impressive... This seems to be an in-OFBiz equivalent of an OS take-over tool like Microsoft's Remote Desktop. The business case (and use cases) are explained insufficiently in this thread or in the ticket ([1]) why incorporating this in the repo should be favourable over having the adopting