
Re: Users - OFBiz application security

Posted by Ian Gilbert on Mar 06, 2006; 4:38pm
URL: http://ofbiz.116.s1.nabble.com/Users-OFBiz-application-security-tp137781p137785.html

My understanding is that OFBiz uses standard SSL certificate-based
security.  Therefore it is as secure as any other system using this
(banks, other ecommerce sites, Government departments)...  Certainly this
is how we have it configured.  I guess if you have a low-grade certificate
(say 56-bit) then you are more vulnerable than if you have a higher-grade
(say 128-bit) one.  There are probably costs involved with this.

As was pointed out on the list a while ago, there are some default settings
that, if they are not changed (accounts, for example), will allow easy
access to the system, but these are covered in the production guide.  Some
allegations were made again a few weeks ago regarding security, but these
were not followed up with examples or explanations.

Again, I understand that OFBiz implements role-based security where you can
give different users access to different parts of the system depending on
characteristics of their permissions.  I think that these are all wrapped
up within SSL (so you have to get through that to actually change them).

I am a long way from being a security expert and I would be very
interested to know if this is not the case.  There is a fair bit on
security in the wiki and some of the associated documents.

Very best wishes

Ian Gilbert



On Mon, March 6, 2006 15:24, Si Chen wrote:

> What are their "facts" in claiming that "OFBiz is not secure"?
>
>
> Si
>
>
> Merrill, Robert wrote:
>
>
>> Hey all,
>>
>>
>> We have an OFBiz-based proposal out to a client, and a competitor has
>> challenged it, saying that "OFBiz is not secure" compared to their
>> offering.
>>
>> Our proposal is going to the client's board in the next few days, and
>> our contact at the client wants to know what to tell them.
>>
>> Has anyone done a security audit or review of OFBiz, or, better yet,
>> had one done by a third party?
>>
>> What else can truthfully be said about OFBiz application security?
>>
>>
>> Thanks!
>>
>>
>> Robert
>>
>>
>> Robert Merrill
>> [hidden email] www.berbee.com
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>>
>>