* Re: "[tryton-dev] Thoughts about server password" (Wed, 15 Sep 2010 12:24:12 +0200):
> I propose to change the cleared hardcoded password with a validation of the
> password of the user running trytond.
I suppose 'cleared' means 'clear text'?
If the tryton user (like in Debian) running the server has neither a password
nor a shell, it is no longer possible to create databases from the client.
So I like the idea as an *additional* feature:
- Setting the password to empty in trytond.conf, adding a hint about this
security risk, if configured.
- If no admin password is configured, only allow the tryton(d) user to do admin
tasks.
Just one point:
- Inexperienced users running trytond with no special user have no security
layer between normal usage and administrative tasks.
Cheers
--
Mathias Behrle
MBSolutions
Gilgenmatten 10 A
D-79114 Freiburg
Tel: +49(761)471023
Fax: +49(761)4770816
http://mbsolutions.selfip.biz
UStIdNr: DE 142009020
PGP/GnuPG key available from any keyserver, ID: 0x8405BBF6
