[OFBiz] Users - RE: Users Digest, Vol 15, Issue 22

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Users - RE: Users Digest, Vol 15, Issue 22

akumar-2
Hi guys,
I   want to know more about the security implementation of OFBiz including
user creation. Can someone please  point me to any documentation?

Thanks

Anil
Eagle Creek Software Services
[hidden email]
303-520-0646

 -----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of [hidden email]
Sent: Tuesday, October 18, 2005 10:00 AM
To: [hidden email]
Subject: Users Digest, Vol 15, Issue 22

Send Users mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.ofbiz.org/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Users digest..."


Today's Topics:

   1. Re: Re: Users - BUG IN CHANGING PASSWORD (STRANGE
      OBSERVATION) (Andrew Sykes)
   2. RE: Ofbiz hardware requirements (Daniel Kunkel)
   3. Re: BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)
      (David E. Jones)


----------------------------------------------------------------------

Message: 1
Date: Tue, 18 Oct 2005 15:48:18 +0100
From: Andrew Sykes <[hidden email]>
Subject: Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD
        (STRANGE OBSERVATION)
To: OFBiz Users / Usage Discussion <[hidden email]>
Message-ID: <1129646898.3823.24.camel@localhost>
Content-Type: text/plain

Souvik,

Could it be that you are mistakenly creating a new record rather than
doing the update you think you are?

Kind Regards
--
Andrew Sykes <[hidden email]>
Sykes Development Ltd



------------------------------

Message: 2
Date: Tue, 18 Oct 2005 08:11:33 -0700
From: Daniel Kunkel <[hidden email]>
Subject: RE: [OFBiz] Users - Ofbiz hardware requirements
To: OFBiz Users / Usage Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain

Hi

>In your vocabulary, does "Virtual Private Servers" count as "shared
>hosting"/"virtual machine hosting"?

Yes, they are the same.

>Is there anything similar to Contegix in the EU?

Not that I am aware of, but David is the better person to ask.

Good Luck

Daniel





------------------------------

Message: 3
Date: Tue, 18 Oct 2005 09:28:49 -0600
From: "David E. Jones" <[hidden email]>
Subject: Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE
        OBSERVATION)
To: OFBiz Users / Usage Discussion <[hidden email]>
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


Based on this I couldn't really say what is going wrong. If you are
using an older version of OFBiz you might be running into a cache
problem, but I'm not aware of anything like this that is an
outstanding issue right now.

If you can reproduce the problem in the current code base let me know
what you did to make it happen and I'll look into it...

-David


On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:

> Hi all,
> I have built an application using the Ofbiz framework and has made
> full use of the Security system..I am using the framework provided
> login and logout services
> In my application there is a customer side and an admin side....
> I have provided the customer with a feature to change password after
> logging in. In that case I find that though the new password is
> updated in the Userlogin entity its not effecting the
> application...Whil;e trying to log in with his new password the
> customer is getting error of Incorrecvt password. But he is able to
> log in with his old password. The strangest thing is that the
> Userlogin entity has the new password and not the old one......is the
> password also stored some where else....I have not used any
> encryption....
> there are more strange observations .......
> When the admin tries to change the customers password the change is
> effected if the user is not logged in at that moment...Even if he is
> logged in he the UserLo0gin entity gets updated with new password but
> it does not effect the customer's security settings. I mean later when
> the customer tries to log in with his new password he fails but is
> allowed the same with his old password.....
> But when an admin changes the password of a customer who in not logged
> in the change effects his security settings...The behaviour is as
> expected...He can log in with his new password and not the old......
> If I provide the customer with a feature that he canchange his
> password without logging in( where he has to provide his userloginId
> also) the behaviousr is as expected.....He can log in with his new
> password and not his old one......
>
> FYI I am using a minilang(simple) service to change the password and
> update the UserLogin entity....It uses the "store" tag of minilang
>
> Can someone please explain this wierd behaviour and its remedy.....any
> suggerstion will be of gr8 help and I shall be highly obliged
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>



------------------------------


_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users

End of Users Digest, Vol 15, Issue 22
*************************************


 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Users - Why odbc?...

Jacques Le Roux
Administrator
Yes, why odbc?...

Is this only needed if using WorldShip ?

Jacques

----- Original Message -----
From: <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, September 13, 2005 5:53 AM
Subject: [OFBiz] SVN: r5726 - trunk/framework/entity/config


> Author: jonesde
> Date: 2005-09-12 22:53:15 -0500 (Mon, 12 Sep 2005)
> New Revision: 5726
>
> Modified:
>    trunk/framework/entity/config/entityengine.xml
> Log:
> Commented out second group for these delegators, fine as an example but having
2 groups pointing to the same database generates a HUGE pile of
>
> warning messages; also, why odbc?...

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Users - Security information ...

Ian Gilbert
In reply to this post by akumar-2
Hi Anil,

I'm looking at this as well over the next day or so.  I'm going to start
here http://ofbizwiki1.go-integral.com/Search.jsp?query=security&ok=Search

I hope that you find this useful.

Very best wishes

Ian Gilbert

On Wed, October 19, 2005 4:15 am, akumar wrote:

> Hi guys,
> I   want to know more about the security implementation of OFBiz including
>  user creation. Can someone please  point me to any documentation?
>
> Thanks
>
>
> Anil
> Eagle Creek Software Services
> [hidden email] 303-520-0646
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of [hidden email]
> Sent: Tuesday, October 18, 2005 10:00 AM
> To: [hidden email]
> Subject: Users Digest, Vol 15, Issue 22
>
>
> Send Users mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.ofbiz.org/mailman/listinfo/users
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Users digest..."
>
>
> Today's Topics:
>
>
> 1. Re: Re: Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION) (Andrew Sykes)
> 2. RE: Ofbiz hardware requirements (Daniel Kunkel)
> 3. Re: BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)
> (David E. Jones)
>
>
>
> ----------------------------------------------------------------------
>
>
> Message: 1
> Date: Tue, 18 Oct 2005 15:48:18 +0100
> From: Andrew Sykes <[hidden email]>
> Subject: Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD
> (STRANGE OBSERVATION)
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <1129646898.3823.24.camel@localhost>
> Content-Type: text/plain
>
>
> Souvik,
>
>
> Could it be that you are mistakenly creating a new record rather than
> doing the update you think you are?
>
> Kind Regards
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd
>
>
>
>
> ------------------------------
>
>
> Message: 2
> Date: Tue, 18 Oct 2005 08:11:33 -0700
> From: Daniel Kunkel <[hidden email]>
> Subject: RE: [OFBiz] Users - Ofbiz hardware requirements
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain
>
>
> Hi
>
>
>> In your vocabulary, does "Virtual Private Servers" count as "shared
>> hosting"/"virtual machine hosting"?
>
> Yes, they are the same.
>
>
>> Is there anything similar to Contegix in the EU?
>>
>
> Not that I am aware of, but David is the better person to ask.
>
>
> Good Luck
>
>
> Daniel
>
>
>
>
>
>
> ------------------------------
>
>
> Message: 3
> Date: Tue, 18 Oct 2005 09:28:49 -0600
> From: "David E. Jones" <[hidden email]>
> Subject: Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION)
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>
>
> Based on this I couldn't really say what is going wrong. If you are
> using an older version of OFBiz you might be running into a cache problem,
> but I'm not aware of anything like this that is an outstanding issue right
> now.
>
> If you can reproduce the problem in the current code base let me know
> what you did to make it happen and I'll look into it...
>
> -David
>
>
>
> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>
>
>> Hi all,
>> I have built an application using the Ofbiz framework and has made
>> full use of the Security system..I am using the framework provided login
>> and logout services In my application there is a customer side and an
>> admin side.... I have provided the customer with a feature to change
>> password after logging in. In that case I find that though the new
>> password is updated in the Userlogin entity its not effecting the
>> application...Whil;e trying to log in with his new password the customer
>> is getting error of Incorrecvt password. But he is able to log in with
>> his old password. The strangest thing is that the Userlogin entity has
>> the new password and not the old one......is the password also stored
>> some where else....I have not used any encryption.... there are more
>> strange observations ....... When the admin tries to change the
>> customers password the change is effected if the user is not logged in
>> at that moment...Even if he is logged in he the UserLo0gin entity gets
>> updated with new password but it does not effect the customer's security
>> settings. I mean later when the customer tries to log in with his new
>> password he fails but is allowed the same with his old password..... But
>> when an admin changes the password of a customer who in not logged in
>> the change effects his security settings...The behaviour is as
>> expected...He can log in with his new password and not the old...... If
>> I provide the customer with a feature that he canchange his
>> password without logging in( where he has to provide his userloginId
>> also) the behaviousr is as expected.....He can log in with his new
>> password and not his old one......
>>
>> FYI I am using a minilang(simple) service to change the password and
>> update the UserLogin entity....It uses the "store" tag of minilang
>>
>> Can someone please explain this wierd behaviour and its remedy.....any
>> suggerstion will be of gr8 help and I shall be highly obliged
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
> End of Users Digest, Vol 15, Issue 22
> *************************************
>
>
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>


 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users