Hi Chris,
On Fri, May 27, 2011 at 6:28 AM, Chris Travers <..hidden..> wrote:
Hi all;
I have gone through the patch queue and applied those which are safe
to apply. A few conflicted with more recent changes. In those cases,
I have generally looked at functional differences where I can.
I have a few patches which cannot be applied as such, but represent
needed changes in the application. These will be re-engineered and
applied perhaps tomorrow with one exception.
The exception has to do with user creation where the desired username
is not a LedgerSMB user but is a db cluster user in PostgreSQL.
Currently we refuse to create the user when this happens. This is the
default safe approach. We have a patch to change this behavior so
that it will import an existing user. This makes a lot of sense in
some environments (multiple companies on one db cluster, same
bookkeepers), but it is dangerous in others (managed hosting
environments). The concern I have is that it may be a case of
accidentally giving one user permission to another database without
warning. On the other hand, sometimes that is desired behavior.
Personally, if I were to buy into a managed hosting solution, I would
want my hosting provider to set me up with a separate cluster / VPS.
So, in that situation, it wouldn't be too bad. How about an option in
ledgersmb.conf to allow it, but setting it to 'off'/false by default
to prevent unwanted security risks?