Re: Move 'SecurityPermission' data to seed data files

2020-08-11 Thread Priya Sharma
Thanks, @Jacques Le Roux
I have provided a patch for this improvement.

On Mon, 10 Aug 2020 at 20:00, Jacques Le Roux
 wrote:
>
> Hi Priya,
>
> I agree that only SecurityPermission are seed data.
>
> +1 for OFBIZ-10575
>
> Jacques
>
> On 10/08/2020 at 06:46, Priya Sharma wrote:
> > Thanks everyone for your responses.
> > @Devanshu, security data for the "SUPER" user is already part of seed
> > data for most components.
> >
> > As per the above discussion, we can conclude to move only the
> > SecurityPermission data to seed data files. (OFBIZ-10575)
> >
> > If anyone still wants to add something, you are always welcome.
> >
> > On Tue, 4 Aug 2020 at 15:02, Devanshu Vyas  
> > wrote:
> >> I agree with Deepak here that SecurityPermission is seed data and rest is a
> >> part of demo data.
> >>
> >> But, I would like to raise a point here that some SecurityGroup and
> >> SecurityGroupPermission data can also be a part of seed data. Like for
> >> example, SUPER.
> >> Maybe, we can differentiate which SecurityGroup and SecurityGroupPermission
> >> data should be a part of seed data as well.
> >>
> >> Thanks & Regards,
> >> Devanshu Vyas.
> >>
> >>
> >> On Tue, Aug 4, 2020 at 2:31 PM Deepak Dixit  wrote:
> >>
> >>> IMO SecurityPermission data should be moved to Seed data,
> >>> and SecurityGroup and SecurityGroupPermission data is part of demo data
> >>>
> >>> Thanks & Regards
> >>> --
> >>> Deepak Dixit
> >>> ofbiz.apache.org
> >>>
> >>>
> >>> On Fri, Jul 31, 2020 at 5:43 PM Priya Sharma 
> >>> wrote:
> >>>
> >>>> Hello All,
> >>>>
> >>>> As per discussion on
> >>>> https://issues.apache.org/jira/browse/OFBIZ-10575, we would like to
> >>>> confirm whether all security data (i.e. SecurityPermission,
> >>>> SecurityGroupPermission and hence SecurityGroup) be moved to seed data
> >>>> files or only SecurityPermission data.
> >>>>
> >>>> Is there any particular use-case that may be harmed or any other
> >>>> potential security threat that may arise with this change?
> >>>>
> >>>> Please provide your feedback, concerns, or suggestions.
> >>>>
> >>>> --
> >>>> Best Regards,
> >>>> Priya
> >>>>
> >
> >



-- 
Best Regards,
Priya
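
An added example, not part of the thread and not code from the OFBiz project: one way to check the split discussed above, flagging SecurityPermission records left outside seed data and seed SecurityGroupPermission records (such as those for SUPER) that point at a permission no seed file defines. The file names, permission ids and the inline "seed"/"demo" tagging are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not taken from the OFBiz repository). The reader
# name ("seed" or "demo") is supplied alongside each document here; mapping
# real files to readers is left out of this sketch.
SAMPLE_FILES = {
    "ExampleSecurityPermissionSeedData.xml": ("seed", """
<entity-engine-xml>
  <SecurityPermission permissionId="EXAMPLE_VIEW" description="View example records"/>
  <SecurityGroup groupId="SUPER" description="Super user group"/>
  <SecurityGroupPermission groupId="SUPER" permissionId="EXAMPLE_VIEW"/>
  <SecurityGroupPermission groupId="SUPER" permissionId="EXAMPLE_ADMIN"/>
</entity-engine-xml>"""),
    "ExampleSecurityGroupDemoData.xml": ("demo", """
<entity-engine-xml>
  <SecurityPermission permissionId="EXAMPLE_ADMIN" description="Administer example records"/>
  <SecurityGroup groupId="EXAMPLE_ADMIN_GROUP" description="Demo admin group"/>
  <SecurityGroupPermission groupId="EXAMPLE_ADMIN_GROUP" permissionId="EXAMPLE_ADMIN"/>
</entity-engine-xml>"""),
}

def audit_security_data(files):
    """Return (misplaced, dangling) findings for a set of data files.

    misplaced: SecurityPermission rows that live in a non-seed file.
    dangling:  seed SecurityGroupPermission rows whose permissionId is not
               defined by any seed file, so a seed-only load cannot resolve it.
    """
    seed_perms, misplaced, seed_grants = set(), [], []
    for name, (reader, xml_text) in files.items():
        root = ET.fromstring(xml_text.strip())
        for el in root:
            if el.tag == "SecurityPermission":
                if reader == "seed":
                    seed_perms.add(el.get("permissionId"))
                else:
                    misplaced.append((name, el.get("permissionId")))
            elif el.tag == "SecurityGroupPermission" and reader == "seed":
                seed_grants.append((name, el.get("groupId"), el.get("permissionId")))
    dangling = [g for g in seed_grants if g[2] not in seed_perms]
    return sorted(misplaced), sorted(dangling)

if __name__ == "__main__":
    misplaced, dangling = audit_security_data(SAMPLE_FILES)
    for name, perm in misplaced:
        print(f"{name}: SecurityPermission {perm} is outside seed data")
    for name, group, perm in dangling:
        print(f"{name}: {group} grants {perm}, which no seed file defines")
```
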


Demos shutdown because possible security issues

2020-08-11 Thread Jacques Le Roux

Hi,

Due to possible security issues the demos have been shut down.

These possible security issues are due to the demos data.

So custom projects should not have to worry.

So far, only 2 post-auth vulnerabilities have been reported. I'll create Jiras 
for them.

We need to discuss how to restart the demos.

In the meantime we also need to fix the 2 post-auth vulnerabilities

Jacques



Re: varchar(255) in fieldtypepostgres.xml

2020-08-11 Thread Jacques Le Roux

Hi,

Please check https://svn.apache.org/viewvc?view=revision&revision=1697590

This is also related https://markmail.org/message/xuwhnbmum3evejwk

Jacques

On 10/08/2020 at 20:30, Development wrote:

In /framework/entity/fieldtype/fieldtypepostgres.xml I saw some lines like:

 
 
 


In postgres, using "VARCHAR(255)" saves no space in the database over using "VARCHAR" 
(with no number) or "TEXT", the only difference is that the 255 slows it down with error checking.

Is there any reason on the ofbiz side to not just change this to plain "VARCHAR" or 
"TEXT"?  Like perhaps the forms would only display the first 255 characters of it or 
something?

Obviously I can do this for my own installation.  I'm asking here cause it 
feels like something that should be pushed upstream.







CONFIDENTIALITY NOTICE: This message is intended only for the use of the person 
or organization to which it is addressed or was intended to be addressed, and 
may contain information that is privileged, confidential and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, or responsible for delivering the message to the intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please notify the sender immediately by email and 
delete the original message immediately . The sender, its subsidiaries and 
affiliates, do not accept liability for any errors, omissions, corruption or 
virus in the contents of this message or any attachments that arise as a result 
of e-mail transmission. Thank you.




Re: [ofbiz-site] branch master updated: Info about disabling demos

2020-08-11 Thread jler...@apache.org

BTW we have this report:

https://github.com/apache/ofbiz-site/network/alerts

I did not check details, maybe we need to update Bootstrap?

Jacques

On 11/08/2020 at 13:53, jler...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
  new 6b46338  Info about disabling demos
6b46338 is described below

commit 6b4633867a6042f3facbe6939c392f6c55fd1791
Author: Jacques Le Roux 
AuthorDate: Tue Aug 11 13:53:31 2020 +0200

 Info about disabling demos
---
  ofbiz-demos.html  | 2 +-
  template/page/ofbiz-demos.tpl.php | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ofbiz-demos.html b/ofbiz-demos.html
index 00fdffd..5efbe2a 100644
--- a/ofbiz-demos.html
+++ b/ofbiz-demos.html
@@ -137,7 +137,7 @@

  

-About our Demos
+About our Demos  Our demos are currently disabled for 
security reason
  
  We have several online OFBiz demos that you can try out. Each demo is 
split into two areas:
  
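Review bot: the added heading line says "disabled for security reason", which should read "security reasons", and the unchanged context line just below it still says "We have several online OFBiz demos that you can try out", so the page now contradicts itself. Suggest putting the notice on its own line under the heading and adjusting or hiding the "try out" paragraph while the demos are down.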
diff --git a/template/page/ofbiz-demos.tpl.php 
b/template/page/ofbiz-demos.tpl.php
index 0dd158b..135c98c 100644
--- a/template/page/ofbiz-demos.tpl.php
+++ b/template/page/ofbiz-demos.tpl.php
@@ -27,7 +27,7 @@

  

-About our Demos
+About our Demos  Our demos are currently disabled for 
security reason
  
  We have several online OFBiz demos that you can try out. Each demo is 
split into two areas:
  
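Review bot: the + line in this hunk repeats the ofbiz-demos.html wording verbatim, including "security reason", so the notice is now hard-coded in two files and both have to be edited again when the demos come back. Suggest fixing the wording in template/page/ofbiz-demos.tpl.php as well and stating in the commit message that the two files must be kept in sync.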



Re: varchar(255) in fieldtypepostgres.xml

2020-08-11 Thread Roque Hernandez
Dear OfBiz,

I have tried to unsubscribe from all of your email lists following the
instructions on your website, but I am still getting many emails
especially from forums.  Please, help take care of this since I am trying
to control the amount of emails I get to this account.  Thank you in
advance for your time.

Sincerely,

Roque Hernandez

On Mon, Aug 10, 2020 at 1:31 PM Development  wrote:

>
> In /framework/entity/fieldtype/fieldtypepostgres.xml I saw some lines like:
>
>  java-type="String"/>
>  java-type="String"/>
>  java-type="String"/>
>
>
> In postgres, using "VARCHAR(255)" saves no space in the database over
> using "VARCHAR" (with no number) or "TEXT", the only difference is that the
> 255 slows it down with error checking.
>
> Is there any reason on the ofbiz side to not just change this to plain
> "VARCHAR" or "TEXT"?  Like perhaps the forms would only display the first
> 255 characters of it or something?
>
> Obviously I can do this for my own installation.  I'm asking here cause it
> feels like something that should be pushed upstream.
>


Re: varchar(255) in fieldtypepostgres.xml

2020-08-11 Thread Jacques Le Roux

Hi Roque,

With this email I'm unsubscribing you from both dev and user ML.

You speak about forums, if it's Nabble then you need to unsubscribe there

HTH

Jacques

On 11/08/2020 at 18:41, Roque Hernandez wrote:

Dear OfBiz,

I have tried to unsubscribe from all of your email lists following the
instructions on your website, but I am still getting many emails
especially from forums.  Please, help take care of this since I am trying
to control the amount of emails I get to this account.  Thank you in
advance for your time.

Sincerely,

Roque Hernandez

On Mon, Aug 10, 2020 at 1:31 PM Development  wrote:


In /framework/entity/fieldtype/fieldtypepostgres.xml I saw some lines like:

 
 
 


In postgres, using "VARCHAR(255)" saves no space in the database over
using "VARCHAR" (with no number) or "TEXT", the only difference is that the
255 slows it down with error checking.

Is there any reason on the ofbiz side to not just change this to plain
"VARCHAR" or "TEXT"?  Like perhaps the forms would only display the first
255 characters of it or something?

Obviously I can do this for my own installation.  I'm asking here cause it
feels like something that should be pushed upstream.




Re: Welcome Aditya Sharma as new PMC member

2020-08-11 Thread Rishi Solanki
I missed the celebration. Congratulations Aditya!!

Best Regards,
--
Rishi Solanki
*CTO, Mindpath Technology*
Intelligent Solutions
cell: +91-98932-87847
LinkedIn 


On Sun, Jul 12, 2020 at 4:16 PM Sharan Foga  wrote:

> Congratulations and welcome Aditya :-)
>
> Thanks
> Sharan
>
> On 2020/07/05 16:53:22, Jacques Le Roux 
> wrote:
> > The OFBiz PMC has invited Aditya Sharma to become member of the
> committee and we are glad to announce that he has accepted the nomination.
> >
> > On behalf of the OFBiz PMC, welcome on board Aditya!
> >
> >
>


Re: Welcome Arun Patidar as new PMC member

2020-08-11 Thread Rishi Solanki
I missed the celebration. Congratulations Arun!!


Best Regards,
--
Rishi Solanki
*CTO, Mindpath Technology*
Intelligent Solutions
cell: +91-98932-87847
LinkedIn 


On Sun, Jul 12, 2020 at 4:19 PM Sharan Foga  wrote:

> Congratulations and welcome Arun!
>
> Thanks
> Sharan
>
> On 2020/07/06 07:00:08, Jacques Le Roux 
> wrote:
> > The OFBiz PMC has invited Arun Patidar to become member of the committee
> and we are glad to announce that he has accepted the nomination.
> >
> > On behalf of the OFBiz PMC, welcome on board Arun!
> >
> >
>


Re: Welcome Aditya Sharma as new PMC member

2020-08-11 Thread Jacques Le Roux

Good to see you back Rishi :)

Jacques

On 12/08/2020 at 06:36, Rishi Solanki wrote:

I missed the celebration. Congratulations Aditya!!

Best Regards,
--
Rishi Solanki
*CTO, Mindpath Technology*
Intelligent Solutions
cell: +91-98932-87847
LinkedIn 


On Sun, Jul 12, 2020 at 4:16 PM Sharan Foga  wrote:


Congratulations and welcome Aditya :-)

Thanks
Sharan

On 2020/07/05 16:53:22, Jacques Le Roux 
wrote:

The OFBiz PMC has invited Aditya Sharma to become member of the

committee and we are glad to announce that he has accepted the nomination.

On behalf of the OFBiz PMC, welcome on board Aditya!