On 15.09.10 12:32, Cédric Krier wrote:
> On 15/09/10 12:29 +0200, Tobias Paepke wrote:
>> On 15.09.10 12:24, Cédric Krier wrote:
>>> Hi,
>>>
>>> One of the biggest security issues in the default trytond installation is the
>>> admin_password that is in clear text in trytond.conf.
>>>
>>> This is a legacy from OpenERP to allow newbie users to set up a database from
>>> the client easily.
>>>
>>> I propose to change the cleared hardcoded password with a validation of the
>>> password of the user running trytond.
>>>
>>> What do you think?
>>>
>> what about a hashed password in config?
> It is hard to create/update.

It is anyway on Windows. For example, you have to define the password for the user which is running tryton-service in the service management. If you change that password, it will stop working. Maybe I'm missing something. I know, Tryton does not run on Windows as a service yet...

>> I don't think that a system user should have a password at all.
> This will mean database creation is forbidden from rpc as for any production
> server.
>

don't understand.
