[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] patch for review
From: |
Dave Hall |
Subject: |
Re: [Phpgroupware-developers] patch for review |
Date: |
Thu, 07 Sep 2006 10:14:12 +1000 |
Commited
On Wed, 2006-09-06 at 23:10 +0200, Sigurd Nes wrote:
> Benoit Hamet wrote:
> > Hi all, .
> >
> > <snip>
> >>> There is also applications::d2name , categories::d2name and
> >>> interserver::d2name.
> >>> I think it risky to rename the calls to only accounts::id2name - I
> >>> think it would be better to keep the "old" accounts::id2name - and
> >>> rather implement the new accounts::id2name as accounts::id2full_name
> >>> or something.
> >> It hasn't been renamed. The old method accounts::id2name now returns
> >> the user's fullname, and doesn't reveal the user's login id, which is
> >> good security imho. If you already have the login id then you have 1
> >> half of the puzzle for cracking an account. Some organizations have
> >> policies on login ids others don't, which will also impact on benefit of
> >> this change.
> >>
> >> applications::d2name , categories::d2name and interserver::id2name are
> >> uneffected by this change, as they return the relevant string for the
> >> data type and it has no security implications.
> >>
> >> The change in the string returned by accounts::id2name has been in HEAD
> >> for months. The new accounts::id2lid is only for those cases where
> >> internally we need the login id, which is very rare. As
> >> accounts::id2name is used a lot for presenting username information in
> >> the GUI, it is safest to change the functionality. Where there is a
> >> need to for the login id, use accounts::id2lid, which can be changed
> >> manually on a case by case basis.
> >
> > It looks ok to me. AFAIU, there's no relationship between accounts and
> > categories or applications or interserver ? right ? so returning the
> > real full name in id2name for account, doesn't disturb anything ? Or did
> > I miss your point Sigurd ?
> >
> That is also how I understand it. (Unless you really want the username
> (lid) for something).
>
> For the record - it's ok by me.
>
> Regards
>
> Sigurd
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
+-------------------------------------+-------------------------------+
| e address@hidden | w phpgroupware.org |
| j address@hidden | aim skwashd |
| icq 278064022 | msn address@hidden |
| sip address@hidden | y! skwashd |
+-------------------------------------+-------------------------------+