[
https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450450#comment-17450450
]
Marco RODRIGUES edited comment on OFBIZ-9498 at 11/29/21, 1:26 PM:
-------------------------------------------------------------------
{{Hi,}}
{{I am starting a training course with Néréide to improve my skills in
community contribution and get to know OfBiz better}}
{{I went through a lot of the related threads to get an idea of where this is
at.}}
{{Globally, there seem to have thre main ways with various implementation :}}
{{- in code}}
{{- in the application database}}
{{- in system (file or environment variable)}}
{{If solution that seems the most used by mainstrem projects, is to store
overridable sensitive data in a system file, there seems to have no perfect
solution.}}
{{It depends on the person responsible for security and the policy they apply.
Both to secure and to identify and respond to intrusions}}
{\{As Jacques Le Roux says : "I think we can suggest more than one solution and
people can then pick the one fitting more for them"}}
{{For the overload in the application code, this is a case which I think is
handled by the usual development processes.}}
{{For the other cases, which use a resource that can be qualified as external,
and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2
Segregation of duties" type, this requires that the application code provide
for an activation of the available cases and a mechanism. overloading of
variable values.}}
{{Then each production manager will be able to manage independently of the
application.}}
{{Nereide agreed to pull us the code they use to manage environment variables
on [https://github.com/apache/ofbiz-framework/pull/355]}}
It seems to me that this is a good base on which to work. With your help, I
should be able to come up with a solution that is useful and acceptable to all.
\{{}}
was (Author: JIRAUSER280242):
{{Hi,}}
{{I am starting a training course with Néréide to improve my skills in
community contribution and get to know OfBiz better}}
{{I went through a lot of the related threads to get an idea of where this is
at.}}
{{Globally, there seem to have thre main ways with various implementation :}}
{{- in code}}
{{- in the application database}}
{{- in system (file or environment variable)}}
{{If solution that seems the most used by mainstrem projects, is to store
overridable sensitive data in a system file, there seems to have no perfect
solution.}}
{{It depends on the person responsible for security and the policy they apply.
Both to secure and to identify and respond to intrusions}}
{{As Jacques Le Roux says : "I think we can suggest more than one solution and
people can then pick the one
fitting more for them"}}
{{For the overload in the application code, this is a case which I think is
handled by the usual development processes.}}
{{For the other cases, which use a resource that can be qualified as external,
and which make it possible to respond to problems of the "ISO/CEI 27002, 6.1.2
Segregation of duties" type, this requires that the application code provide
for an activation of the available cases and a mechanism. overloading of
variable values.}}
{{Then each production manager will be able to manage independently of the
application.}}
{{Nereide agreed to pull us the code they use to manage environment variables
on https://github.com/apache/ofbiz-framework/pull/355}}
It seems to me that this is a good base on which to work. With your help, I
should be able to come up with a solution that is useful and acceptable to all.
{{}}
> Improve DevOps using environment variable configuration
> -------------------------------------------------------
>
> Key: OFBIZ-9498
> URL: https://issues.apache.org/jira/browse/OFBIZ-9498
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Gil Portenseigne
> Assignee: Gil Portenseigne
> Priority: Minor
> Attachments: OFBIZ-9498.patch
>
>
> Discussed in thread : https://s.apache.org/Mh3q
> This Jira will present the improvment proposal giving a way to configure
> OFBiz using environment variable.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
