[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450450#comment-17450450 ]
Marco RODRIGUES edited comment on OFBIZ-9498 at 11/29/21, 1:26 PM: ------------------------------------------------------------------- {{Hi,}} {{I am starting a training course with Néréide to improve my skills in community contribution and get to know OfBiz better}} {{I went through a lot of the related threads to get an idea of where this is at.}} {{Globally, there seem to have thre main ways with various implementation :}} {{- in code}} {{- in the application database}} {{- in system (file or environment variable)}} {{If solution that seems the most used by mainstrem projects, is to store overridable sensitive data in a system file, there seems to have no perfect solution.}} {{It depends on the person responsible for security and the policy they apply. Both to secure and to identify and respond to intrusions}} {\{As Jacques Le Roux says : "I think we can suggest more than one solution and people can then pick the one fitting more for them"}} {{For the overload in the application code, this is a case which I think is handled by the usual development processes.}} {{For the other cases, which use a resource that can be qualified as external, and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2 Segregation of duties" type, this requires that the application code provide for an activation of the available cases and a mechanism. overloading of variable values.}} {{Then each production manager will be able to manage independently of the application.}} {{Nereide agreed to pull us the code they use to manage environment variables on [https://github.com/apache/ofbiz-framework/pull/355]}} It seems to me that this is a good base on which to work. With your help, I should be able to come up with a solution that is useful and acceptable to all. \{{}} was (Author: JIRAUSER280242): {{Hi,}} {{I am starting a training course with Néréide to improve my skills in community contribution and get to know OfBiz better}} {{I went through a lot of the related threads to get an idea of where this is at.}} {{Globally, there seem to have thre main ways with various implementation :}} {{- in code}} {{- in the application database}} {{- in system (file or environment variable)}} {{If solution that seems the most used by mainstrem projects, is to store overridable sensitive data in a system file, there seems to have no perfect solution.}} {{It depends on the person responsible for security and the policy they apply. Both to secure and to identify and respond to intrusions}} {{As Jacques Le Roux says : "I think we can suggest more than one solution and people can then pick the one fitting more for them"}} {{For the overload in the application code, this is a case which I think is handled by the usual development processes.}} {{For the other cases, which use a resource that can be qualified as external, and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2 Segregation of duties" type, this requires that the application code provide for an activation of the available cases and a mechanism. overloading of variable values.}} {{Then each production manager will be able to manage independently of the application.}} {{Nereide agreed to pull us the code they use to manage environment variables on https://github.com/apache/ofbiz-framework/pull/355}} It seems to me that this is a good base on which to work. With your help, I should be able to come up with a solution that is useful and acceptable to all. {{}} > Improve DevOps using environment variable configuration > ------------------------------------------------------- > > Key: OFBIZ-9498 > URL: https://issues.apache.org/jira/browse/OFBIZ-9498 > Project: OFBiz > Issue Type: Improvement > Components: framework > Affects Versions: Trunk > Reporter: Gil Portenseigne > Assignee: Gil Portenseigne > Priority: Minor > Attachments: OFBIZ-9498.patch > > > Discussed in thread : https://s.apache.org/Mh3q > This Jira will present the improvment proposal giving a way to configure > OFBiz using environment variable. -- This message was sent by Atlassian Jira (v8.20.1#820001)