I wouldn't say that we can't release soon, but it may be that in the
release branch we need to allow non-encrypted HTTP parameters to be
sent to services, instead of the default now which it to not allow that.
To facilitate this, and for people using the trunk who are trying to
update their production instances and such, I've added a property
(service.http.parameters.require.encrypted) to the url.properties file
that when set to "N" will change it so this only logged and no
exception is thrown.
I still think in the trunk, and perhaps later in the release branch
too, we should address this issue, but this setting should ease the
pain for those who can't wait.
-David
On Apr 11, 2009, at 7:03 AM, Jacques Le Roux wrote:
> Let me state it simply : we can't release soon
>
> There are still (a lot?) unknown issues in ftl files regarding the
> secure URLs thing. It's just not working !
>
> I will close OFBIZ-2260 soon, and I will try to make a tool (I think
> about Eclipse S/E xith regexp for now but maybe I wil need more) to
> find occurences (calls to a service in an URL with params in the URL)
>
> Jacques
Locked
