[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17060772#comment-17060772 ] Wiebke Pätzold commented on OFBIZ-11244: Hi [~holivier], You are right, I accidently deleted the two buttons as well. In the correction.patch I added the lines again. I hope this hasn`t caused any inconvenient for you. > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Fix For: Upcoming Branch > > Attachments: OFBIZ-11244-framework-correction.patch, > OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17060347#comment-17060347 ] Michael Brohl commented on OFBIZ-11244: --- [~wpaetzold] can you please check? > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Fix For: Upcoming Branch > > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17059654#comment-17059654 ] Jacques Le Roux commented on OFBIZ-11244: - Thanks Guys! > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Fix For: Upcoming Branch > > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17058817#comment-17058817 ] Jacques Le Roux commented on OFBIZ-11244: - +1, looks quite good to me too (disclaimer did not test). Just one point Wiebke: please use diff format for your patches (no /a /b). > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17058682#comment-17058682 ] Swapnil Mane commented on OFBIZ-11244: -- Thank you [~wpaetzold] for your contribution. The patch looks good to me. Thanks! > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17058630#comment-17058630 ] Michael Brohl commented on OFBIZ-11244: --- This looks good to me, any objections to commit this work? > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17044216#comment-17044216 ] Wiebke Pätzold commented on OFBIZ-11244: I created a patch for the framework as well as for the plugins so the security question should be removed everywhere. > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Release Branch 16.11, Release Branch 18.12, Release > Branch 17.12, Trunk >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch > > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17043527#comment-17043527 ] Jacques Le Roux commented on OFBIZ-11244: - Hi Wiebke, Yes please remove it from everywhere you can find it, TIA > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, > Release Branch 18.12 >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17043506#comment-17043506 ] Wiebke Pätzold commented on OFBIZ-11244: I have a question regarding the remove oft the security question. Should I remove the security question from the plugins as well? Because the plugins are not listed in the components. > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, > Release Branch 18.12 >Reporter: Jacques Le Roux >Assignee: Michael Brohl >Priority: Major > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17028166#comment-17028166 ] Jacques Le Roux commented on OFBIZ-11244: - Hi Michael, I'm currently focused on OFBIZ-11306, so feel free to assign to yourself > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, > Release Branch 18.12 >Reporter: Jacques Le Roux >Priority: Major > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11244) Remove the user login security question
[ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17028080#comment-17028080 ] Michael Brohl commented on OFBIZ-11244: --- Hi [~jleroux] , are you working on it? Else we could work out the patch. > Remove the user login security question > --- > > Key: OFBIZ-11244 > URL: https://issues.apache.org/jira/browse/OFBIZ-11244 > Project: OFBiz > Issue Type: Improvement > Components: ecommerce, framework, party >Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, > Release Branch 18.12 >Reporter: Jacques Le Roux >Priority: Major > > After our discussion in dev ML at > https://markmail.org/message/2dhc4al4adwgvl7z we will remove this feature. > This [~paulfoxworthy]'s remark is notably important: > bq. Security is only as good as its weakest link ( > https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html) , > and security questions can be a real weakness. Any organisation using OFBiz > that really hates passwords could look at security keys from Yubico or the > like. -- This message was sent by Atlassian Jira (v8.3.4#803005)