[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)



On 9/11/06, Joshua D. Drake <..hidden..> wrote:
Jason Rodrigues wrote:
>>  Cool. So, do we agree that we drop terminal support? I'm ok with
>> saying that if folks want this, they can use lynx, links, w3m, etc..
>> This would certainly make security issues much easier to deal with and
>> help clean up the code somewhat. After all, we are building a web
>> based application aren't we?
>
> I'd support that.  If we need/want a terminal based client, that can be
> recreated via the LedgerSMB API , once that precipitates ...

I would back the dumping of the terminal client. If we need a terminal
client lets build it correctly with S-lang or curses or something.

Since I've gotten no objections, I'll start taking out the terminal
code as I clean things up. This will also solve the HTTP_USER_AGENT
problem, since we can now assume that all users are coming in over
HTTP (and add APIs for the curses or other interface later if deemed
necessary).

Cheers,

Chris