date:20110805

Re: Entity engine, sql functions: MAX() MIN() AVG() and etc.

2011-08-05 Thread Rishi Solanki

Look into the entitymodel.xml view entities.
You will see the alias entity-alias="" name="" and function="avg or count or
max or min or sum".
For this you need to set the flag group-by="true" on field for which you
want to see the max or min or avg. so that it will work on that set only.

HTH!

Rishi Solanki
Manager, Enterprise Software Development
HotWax Media Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxmedia.com

On Tue, Aug 2, 2011 at 3:24 PM, biletnikov  wrote:

> Hello,
> is it possible to use the sql functions : MAX()  MIN() AVG() and etc. via
> the entity engine?
> And how to do that?
>
> Thanks.
>
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/Entity-engine-sql-functions-MAX-MIN-AVG-and-etc-tp3711848p3711848.html
> Sent from the OFBiz - Dev mailing list archive at Nabble.com.
>

[jira] [Created] (OFBIZ-4362) MapKey for CMS content cannot be updated

2011-08-05 Thread Manuela Gruendlinger (JIRA)

MapKey for CMS content cannot be updated


 Key: OFBIZ-4362
 URL: https://issues.apache.org/jira/browse/OFBIZ-4362
 Project: OFBiz
  Issue Type: Bug
  Components: content
Affects Versions: SVN trunk
Reporter: Manuela Gruendlinger
Priority: Minor


When creating a CMS content with a MapKey, the ContentAssoc is created 
correctly, but the value cannot be updated any more. Moreover, the current 
value is not displayed in the UI at all.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (OFBIZ-4362) MapKey for CMS content cannot be updated

2011-08-05 Thread Manuela Gruendlinger (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-4362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manuela Gruendlinger updated OFBIZ-4362:


Attachment: OFBIZ-4362_update_cms_mapkeys.patch

The patch passes on all parameters required for displaying and updating the 
MapKey.

> MapKey for CMS content cannot be updated
> 
>
> Key: OFBIZ-4362
> URL: https://issues.apache.org/jira/browse/OFBIZ-4362
> Project: OFBiz
>  Issue Type: Bug
>  Components: content
>Affects Versions: SVN trunk
>Reporter: Manuela Gruendlinger
>Priority: Minor
> Attachments: OFBIZ-4362_update_cms_mapkeys.patch
>
>
> When creating a CMS content with a MapKey, the ContentAssoc is created 
> correctly, but the value cannot be updated any more. Moreover, the current 
> value is not displayed in the UI at all.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"

2011-08-05 Thread BJ Freeman (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13080073#comment-13080073
 ] 

BJ Freeman commented on OFBIZ-4361:
---

as was addressed in the email thread on the user mailing list, forget password 
resets the password if passwords are set to be encrypted
so if someone maliciously puts in a forget password the user is blocked till 
they fnd the email and complete the process.
Captcha was suggested
http://svn.apache.org/viewvc?view=revision&revision=735965
could be implement but won't stop a person.
So If I understand Sam, The actual change password should happen on server. 
then email should have a https: URL to the server with a unique Key to identify 
the user.
The Key is good till the user activated it or it times out.
This way no password is effected till the user goes to the URL..


> Any ecommerce user has the ability to reset anothers password (including 
> admin) via "Forget Your Password"
> --
>
> Key: OFBIZ-4361
> URL: https://issues.apache.org/jira/browse/OFBIZ-4361
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Release Branch 11.04, SVN trunk
> Environment: Ubuntu and others
>Reporter: mz4wheeler
>Priority: Critical
>  Labels: security
>
> Currently, any user (via ecommerce "Forget Your Password") has the ability to 
> reset another users password, including "admin" without permission.  By 
> simply entering "admin" and clicking "Email Password", the following is 
> displayed.
> The following occurred:
> A new password has been created and sent to you. Please check your Email.
> This now forces the user of the ERP to change their password.  It is also 
> possible to generate a dictionary attack against ofbiz because there is no 
> capta code required.  This is serious security risk.
> This feature could be reduced to a certain sub-set of users, whose login name 
> is optionally in the format of an email address, and maybe require a capta 
> code to prevent dictionary attacks.
> For example, limit the feature to role "Customer" of type "Person" which was 
> generated via an ecommerce transaction.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"

2011-08-05 Thread BJ Freeman (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13080082#comment-13080082
 ] 

BJ Freeman commented on OFBIZ-4361:
---

as some history

I have five instances of ofbiz running including one demo.
I have yet, in 4 years, to have this happen.



> Any ecommerce user has the ability to reset anothers password (including 
> admin) via "Forget Your Password"
> --
>
> Key: OFBIZ-4361
> URL: https://issues.apache.org/jira/browse/OFBIZ-4361
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Release Branch 11.04, SVN trunk
> Environment: Ubuntu and others
>Reporter: mz4wheeler
>Priority: Critical
>  Labels: security
>
> Currently, any user (via ecommerce "Forget Your Password") has the ability to 
> reset another users password, including "admin" without permission.  By 
> simply entering "admin" and clicking "Email Password", the following is 
> displayed.
> The following occurred:
> A new password has been created and sent to you. Please check your Email.
> This now forces the user of the ERP to change their password.  It is also 
> possible to generate a dictionary attack against ofbiz because there is no 
> capta code required.  This is serious security risk.
> This feature could be reduced to a certain sub-set of users, whose login name 
> is optionally in the format of an email address, and maybe require a capta 
> code to prevent dictionary attacks.
> For example, limit the feature to role "Customer" of type "Person" which was 
> generated via an ecommerce transaction.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

cdyne

2011-08-05 Thread Jacques Le Roux


Hi,

I really wonder if CdyneServices.java should be in commons or rather in 
commonext. It looks like an application util to me.

Jacques

Re: Entity engine, sql functions: MAX() MIN() AVG() and etc.

2011-08-05 Thread biletnikov

Thank you very much.

On Fri, Aug 5, 2011 at 11:41 AM, Rishi Solanki [via OFBiz] <
ml-node+3720708-983638428-170...@n4.nabble.com> wrote:

> Look into the entitymodel.xml view entities.
> You will see the alias entity-alias="" name="" and function="avg or count
> or
> max or min or sum".
> For this you need to set the flag group-by="true" on field for which you
> want to see the max or min or avg. so that it will work on that set only.
>
> HTH!
>
> Rishi Solanki
> Manager, Enterprise Software Development
> HotWax Media Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxmedia.com
>
>
> On Tue, Aug 2, 2011 at 3:24 PM, biletnikov <[hidden 
> email]>
> wrote:
>
> > Hello,
> > is it possible to use the sql functions : MAX()  MIN() AVG() and etc. via
>
> > the entity engine?
> > And how to do that?
> >
> > Thanks.
> >
> > --
> > View this message in context:
> >
> http://ofbiz.135035.n4.nabble.com/Entity-engine-sql-functions-MAX-MIN-AVG-and-etc-tp3711848p3711848.html
> > Sent from the OFBiz - Dev mailing list archive at Nabble.com.
> >
>
>
> --
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://ofbiz.135035.n4.nabble.com/Entity-engine-sql-functions-MAX-MIN-AVG-and-etc-tp3711848p3720708.html
>  To unsubscribe from Entity engine, sql functions: MAX() MIN() AVG() and
> etc., click 
> here.
>
>



-- 
Best regards,
Sergei Biletnikov


--
View this message in context: 
http://ofbiz.135035.n4.nabble.com/Entity-engine-sql-functions-MAX-MIN-AVG-and-etc-tp3711848p3722457.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.

Re: Entity engine, sql functions: MAX() MIN() AVG() and etc.

[jira] [Created] (OFBIZ-4362) MapKey for CMS content cannot be updated

[jira] [Updated] (OFBIZ-4362) MapKey for CMS content cannot be updated

[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"

[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"

cdyne

Re: Entity engine, sql functions: MAX() MIN() AVG() and etc.

7 matches

Site Navigation

Mail list logo

Footer information