[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
- Subject: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
- From: "Joshua D. Drake" <..hidden..>
- Date: Tue, 02 Oct 2007 09:55:36 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Travers wrote:
> On 10/2/07, Chris Nighswonger <..hidden..> wrote:
>>
>
> Having said this, I think we should be trying to be as secure as possible by
> default. I don't like the idea of blaming users for security issues,
With respect, we aren't blaming users. We are blaming adminstrators.
Anyone who thinks a "user" should be able to install LSMB or PostgreSQL
is frankly, in a fantasy world.
We aren't quickbooks. I know we would like to be, but just the fact that
we are a web application that requires apache (unless we start shipping
an httpd server) is cause for removal from the "user" installing paradigm.
Sincerely,
Joshua D. Drake
- --
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997 http://www.commandprompt.com/
UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHAngIATb/zqfZUUQRAtjjAJ4rk30KHp31eCwCmMeCBHVsyKYw+gCfUxWU
QPuWBXdS8fm+rjq0YCG24l0=
=2Lds
-----END PGP SIGNATURE-----