Users - Service authorization with "system" account



Vinay Agarwal

Hello,

I ran into org.ofbiz.service.ServiceAuthException while creating entities for signup. I created a UserLogin object for the “system” account without specifying a password. This is accepted by several services like createPartyDataSource and createPartyRole but not by createPartyPostalAddress.

  1. Is it a bug if a service accepts the “system” account without a password being specified?
  2. Should the “system” account require a password for services? I would guess a strong yes but want to be sure.
  3. The passwords for this and other critical accounts like admin are specified in securityext/data/PasswordSecurityData.xml, and all default to “ofbiz”. This file is specified as “seed” in the corresponding ofbiz-components.xml. I assume the difference between “seed” and “demo” data is that “seed” data is required for production systems while “demo” data shouldn’t be installed. Should PasswordSecurityData.xml be made into “demo” data so that it isn’t installed by default in production systems?

Regards,

Vinay Agarwal

_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
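
The third question in the post can be checked mechanically before a deployment. The following is an added example, not part of the original message and not OFBiz project code: it lists which reader ("seed" or "demo") loads each data file and flags every UserLogin record still on the default password. The XML element and attribute names, the "{SHA}" hashed form, the file name DemoUserData.xml and the sample records are assumptions constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "ofbiz"  # default value named in the post

def default_forms(password):
    # Plaintext plus "{SHA}<sha1 hex>"; the hashed storage form is an assumption.
    return {password, "{SHA}" + hashlib.sha1(password.encode()).hexdigest()}

def readers_by_location(component_xml):
    # Map each data file location to the reader ("seed", "demo", ...) that loads it.
    root = ET.fromstring(component_xml)
    return {r.get("location"): r.get("reader-name")
            for r in root.iter("entity-resource") if r.get("type") == "data"}

def audit(component_xml, data_files, password=DEFAULT_PASSWORD):
    # Return (reader, location, userLoginId) for every login still on the default.
    weak = default_forms(password)
    findings = []
    for location, reader in readers_by_location(component_xml).items():
        body = data_files.get(location)
        if body is None:
            continue  # file was not supplied to the audit
        for rec in ET.fromstring(body).iter("UserLogin"):
            if rec.get("currentPassword") in weak:
                findings.append((reader, location, rec.get("userLoginId")))
    return findings

# Constructed sample input; element and attribute names are assumptions.
COMPONENT_XML = """<ofbiz-component name="securityext">
  <entity-resource type="data" reader-name="seed" location="data/PasswordSecurityData.xml"/>
  <entity-resource type="data" reader-name="demo" location="data/DemoUserData.xml"/>
</ofbiz-component>"""
DATA_FILES = {
    "data/PasswordSecurityData.xml": """<entity-engine-xml>
  <UserLogin userLoginId="system" currentPassword="ofbiz"/>
  <UserLogin userLoginId="admin" currentPassword="%s"/>
</entity-engine-xml>""" % ("{SHA}" + hashlib.sha1(b"ofbiz").hexdigest()),
    "data/DemoUserData.xml": """<entity-engine-xml>
  <UserLogin userLoginId="demouser" currentPassword="changed-locally"/>
</entity-engine-xml>""",
}

if __name__ == "__main__":
    for reader, location, login in audit(COMPONENT_XML, DATA_FILES):
        print(f"{reader}: {login} in {location} still has the default password")
```

Findings whose reader is "seed" are the ones that would reach a production install under the seed/demo split the post describes.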