[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)



This raises the next question-- do we need to release a patched 1.0.0?

On 9/11/06, Christopher Murtagh < ..hidden..> wrote:
On 9/11/06, Joshua D. Drake < ..hidden..> wrote:
> Jason Rodrigues wrote:
> >>  Cool. So, do we agree that we drop terminal support? I'm ok with
> >> saying that if folks want this, they can use lynx, links, w3m, etc..
> >> This would certainly make security issues much easier to deal with and
> >> help clean up the code somewhat. After all, we are building a web
> >> based application aren't we?
> >
> > I'd support that.  If we need/want a terminal based client, that can be
> > recreated via the LedgerSMB API , once that precipitates ...
>
> I would back the dumping of the terminal client. If we need a terminal
> client lets build it correctly with S-lang or curses or something.

Since I've gotten no objections, I'll start taking out the terminal
code as I clean things up. This will also solve the HTTP_USER_AGENT
problem, since we can now assume that all users are coming in over
HTTP (and add APIs for the curses or other interface later if deemed
necessary).

Cheers,

Chris

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel