[OFBiz] Users - Security information ...

Ian Gilbert ian at ethicalshopper.co.uk
Wed Oct 19 16:26:39 EDT 2005 

Hi Anil,

I'm looking at this as well over the next day or so.  I'm going to start
here http://ofbizwiki1.go-integral.com/Search.jsp?query=security&ok=Search

I hope that you find this useful.

Very best wishes

Ian Gilbert

On Wed, October 19, 2005 4:15 am, akumar wrote:
> Hi guys,
> I   want to know more about the security implementation of OFBiz including
>  user creation. Can someone please  point me to any documentation?
>
> Thanks
>
>
> Anil
> Eagle Creek Software Services
> akumar at eaglecrk.com 303-520-0646
>
>
> -----Original Message-----
> From: 	users-bounces at lists.ofbiz.org
> [mailto:users-bounces at lists.ofbiz.org]
> On Behalf Of users-request at lists.ofbiz.org
> Sent:	Tuesday, October 18, 2005 10:00 AM
> To:	users at lists.ofbiz.org
> Subject:	Users Digest, Vol 15, Issue 22
>
>
> Send Users mailing list submissions to
> users at lists.ofbiz.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.ofbiz.org/mailman/listinfo/users
> or, via email, send a message with subject or body 'help' to
> users-request at lists.ofbiz.org
>
> You can reach the person managing the list at
> users-owner at lists.ofbiz.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Users digest..."
>
>
> Today's Topics:
>
>
> 1. Re: Re: Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION) (Andrew Sykes)
> 2. RE: Ofbiz hardware requirements (Daniel Kunkel)
> 3. Re: BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)
> (David E. Jones)
>
>
>
> ----------------------------------------------------------------------
>
>
> Message: 1
> Date: Tue, 18 Oct 2005 15:48:18 +0100
> From: Andrew Sykes <andrew at sykesdevelopment.com>
> Subject: Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD
> (STRANGE	OBSERVATION)
> To: OFBiz Users / Usage Discussion <users at lists.ofbiz.org>
> Message-ID: <1129646898.3823.24.camel at localhost>
> Content-Type: text/plain
>
>
> Souvik,
>
>
> Could it be that you are mistakenly creating a new record rather than
> doing the update you think you are?
>
> Kind Regards
> --
> Andrew Sykes <andrew at sykesdevelopment.com>
> Sykes Development Ltd
>
>
>
>
> ------------------------------
>
>
> Message: 2
> Date: Tue, 18 Oct 2005 08:11:33 -0700
> From: Daniel Kunkel <DanielKunkel at biowaves.com>
> Subject: RE: [OFBiz] Users - Ofbiz hardware requirements
> To: OFBiz Users / Usage Discussion <users at lists.ofbiz.org>
> Message-ID: <1129648293.3628.177.camel at localhost.localdomain>
> Content-Type: text/plain
>
>
> Hi
>
>
>> In your vocabulary, does "Virtual Private Servers" count as "shared
>> hosting"/"virtual machine hosting"?
>
> Yes, they are the same.
>
>
>> Is there anything similar to Contegix in the EU?
>>
>
> Not that I am aware of, but David is the better person to ask.
>
>
> Good Luck
>
>
> Daniel
>
>
>
>
>
>
> ------------------------------
>
>
> Message: 3
> Date: Tue, 18 Oct 2005 09:28:49 -0600
> From: "David E. Jones" <jonesde at ofbiz.org>
> Subject: Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION)
> To: OFBiz Users / Usage Discussion <users at lists.ofbiz.org>
> Message-ID: <FFB41B89-D0CA-4D05-A5EA-51D819E631AA at ofbiz.org>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>
>
> Based on this I couldn't really say what is going wrong. If you are
> using an older version of OFBiz you might be running into a cache problem,
> but I'm not aware of anything like this that is an outstanding issue right
> now.
>
> If you can reproduce the problem in the current code base let me know
> what you did to make it happen and I'll look into it...
>
> -David
>
>
>
> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>
>
>> Hi all,
>> I have built an application using the Ofbiz framework and has made
>> full use of the Security system..I am using the framework provided login
>> and logout services In my application there is a customer side and an
>> admin side.... I have provided the customer with a feature to change
>> password after logging in. In that case I find that though the new
>> password is updated in the Userlogin entity its not effecting the
>> application...Whil;e trying to log in with his new password the customer
>> is getting error of Incorrecvt password. But he is able to log in with
>> his old password. The strangest thing is that the Userlogin entity has
>> the new password and not the old one......is the password also stored
>> some where else....I have not used any encryption.... there are more
>> strange observations ....... When the admin tries to change the
>> customers password the change is effected if the user is not logged in
>> at that moment...Even if he is logged in he the UserLo0gin entity gets
>> updated with new password but it does not effect the customer's security
>> settings. I mean later when the customer tries to log in with his new
>> password he fails but is allowed the same with his old password..... But
>> when an admin changes the password of a customer who in not logged in
>> the change effects his security settings...The behaviour is as
>> expected...He can log in with his new password and not the old...... If
>> I provide the customer with a feature that he canchange his
>> password without logging in( where he has to provide his userloginId
>> also) the behaviousr is as expected.....He can log in with his new
>> password and not his old one......
>>
>> FYI I am using a minilang(simple) service to change the password and
>> update the UserLogin entity....It uses the "store" tag of minilang
>>
>> Can someone please explain this wierd behaviour and its remedy.....any
>> suggerstion will be of gr8 help and I shall be highly obliged
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.ofbiz.org
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.ofbiz.org
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
> End of Users Digest, Vol 15, Issue 22
> *************************************
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.ofbiz.org
> http://lists.ofbiz.org/mailman/listinfo/users
>
>

More information about the Users mailing list