Good point. I was assuming they'd moved to a design where all rights and permissions checking was done in the DB, such that a command-line user couldn't do anything more than a GUI user can. That's often done with appropriate trigger functions or where they aren't flexible enough the use of SECURITY DEFINER stored procs + access restricted tables.
If they're using DB-level users but not doing strict access control and checking in the DB, so a user can still wreak havoc with DB command-line access, that's not cool.
Posted May 10, 2012 16:02 UTC (Thu) by dskoll (subscriber, #1630)
Hmm, I don't really know... I haven't been able to upgrade to 1.3. :(
Even if permission-checking is good, you can still do a lot more damage a lot more quickly with psql than the web interface. For example, you might be able to do a mass update in psql in the blink of an eye where the Web interface will slow you down before you can do too much damage. :)
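Taken together, the two comments above describe one design: put the access rules in the database (SECURITY DEFINER functions over tables the application role cannot touch directly) and keep a psql session from doing more, or more quickly, than the web interface would allow. The following is an added example sketching that pattern for PostgreSQL; it is not code from the thread or from LedgerSMB. Everything in it is constructed (the `ledger` schema, the `journal` table, the `ledger_owner` and `app_user` roles, the `post_entry` function, the 50-row limit), and it assumes PostgreSQL 11 or later, since the bulk-update guard uses statement-level transition tables and `EXECUTE FUNCTION`.

```sql
-- Constructed example: DB-enforced access control so a command-line user
-- has no more power than a web-interface user.

-- 1. Roles: ledger_owner owns the data; the application logs in as app_user.
CREATE ROLE ledger_owner NOLOGIN;
CREATE ROLE app_user LOGIN PASSWORD 'placeholder-change-me';

CREATE SCHEMA ledger AUTHORIZATION ledger_owner;

SET ROLE ledger_owner;

CREATE TABLE ledger.journal (
    id         bigserial      PRIMARY KEY,
    account    text           NOT NULL,
    amount     numeric(14,2)  NOT NULL,
    -- session_user, not current_user: inside a SECURITY DEFINER function
    -- current_user is the function owner, session_user is the login role.
    posted_by  text           NOT NULL DEFAULT session_user,
    posted_at  timestamptz    NOT NULL DEFAULT now(),
    approved   boolean        NOT NULL DEFAULT false
);

-- 2. No direct table access for the application role; only the
--    owner-defined functions below may touch the rows.
REVOKE ALL ON SCHEMA ledger FROM PUBLIC;
GRANT USAGE ON SCHEMA ledger TO app_user;
REVOKE ALL ON ledger.journal FROM PUBLIC;

-- 3. SECURITY DEFINER entry point: runs with ledger_owner's rights, enforces
--    the business rule itself, and pins search_path so a caller cannot plant
--    a look-alike object that the function would resolve instead of ours.
CREATE FUNCTION ledger.post_entry(p_account text, p_amount numeric)
RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    new_id bigint;
BEGIN
    IF p_amount = 0 THEN
        RAISE EXCEPTION 'zero-amount entries are not allowed';
    END IF;
    -- schema-qualified because search_path deliberately excludes "ledger"
    INSERT INTO ledger.journal (account, amount)
    VALUES (p_account, p_amount)
    RETURNING id INTO new_id;
    RETURN new_id;
END;
$$;

REVOKE ALL ON FUNCTION ledger.post_entry(text, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION ledger.post_entry(text, numeric) TO app_user;

-- 4. Statement-level guard: refuse any single UPDATE that touches more rows
--    than a form submission plausibly would, so a mass update "in the blink
--    of an eye" fails even for a role that does hold write access.
CREATE FUNCTION ledger.limit_bulk_update()
RETURNS trigger
LANGUAGE plpgsql
AS $$
DECLARE
    n bigint;
BEGIN
    SELECT count(*) INTO n FROM new_rows;   -- transition table (PG 10+)
    IF n > 50 THEN
        RAISE EXCEPTION 'refusing bulk update of % rows (limit 50)', n;
    END IF;
    RETURN NULL;                            -- ignored for statement triggers
END;
$$;

CREATE TRIGGER journal_bulk_update_guard
    AFTER UPDATE ON ledger.journal
    REFERENCING NEW TABLE AS new_rows
    FOR EACH STATEMENT
    EXECUTE FUNCTION ledger.limit_bulk_update();

RESET ROLE;

-- 5. Check from the application role: the function works, raw access does not.
SET ROLE app_user;
SELECT ledger.post_entry('1000-cash', 125.00);   -- returns the new id
SELECT * FROM ledger.journal;                    -- ERROR: permission denied
UPDATE ledger.journal SET approved = true;       -- ERROR: permission denied
RESET ROLE;
```

The two checks do different jobs: step 2 is what makes psql no more powerful than the GUI (the role simply has no rights on the table), while step 4 only matters for whoever does end up with write access, which is why the trigger is defined by the owner rather than by the role it restricts. The `SET search_path` clause on the SECURITY DEFINER function is not optional; without it a caller with CREATE rights on a schema earlier in the path can substitute their own objects for the ones the function expects.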
LedgerSMB... GAAAAAHHH!!!
Posted May 10, 2012 21:03 UTC (Thu) by dskoll (subscriber, #1630)
So I took another crack at upgrading from LedgerSMB 1.2.x to 1.3.16.
Total, utter failure.
The "setup.pl" script keeps asking for a login/password and rejecting whatever I give. Tracing through a hundred twisty perl scripts, all alike, I got nowhere.
I give up. At this point, we're frozen in amber at 1.2.21. My choices now are to do a clean installation of 1.3.16 at the end of the fiscal year and start fresh, pay someone (anyone out there?) to upgrade us, or switch away from LedgerSMB.