Re: Potential security issue with LedgerSMB (inherited from SL)

["Christopher Murtagh" <..hidden..>]

On 9/11/06, Joshua D. Drake <..hidden..> wrote:
> Jason Rodrigues wrote:
> >>  Cool. So, do we agree that we drop terminal support? I'm ok with
> >> saying that if folks want this, they can use lynx, links, w3m, etc..
> >> This would certainly make security issues much easier to deal with and
> >> help clean up the code somewhat. After all, we are building a web
> >> based application aren't we?
> >
> > I'd support that.  If we need/want a terminal based client, that can be
> > recreated via the LedgerSMB API , once that precipitates ...
>
> I would back the dumping of the terminal client. If we need a terminal
> client lets build it correctly with S-lang or curses or something.

Since I've gotten no objections, I'll start taking out the terminal
code as I clean things up. This will also solve the HTTP_USER_AGENT
problem, since we can now assume that all users are coming in over
HTTP (and add APIs for the curses or other interface later if deemed
necessary).

Cheers,

Chris