Hi James,
actually `checkSecureParameter` is only for service event in a request
map. So it doesn't mean you are updating server data. Moreover you can
also update server data with a java event and in this case
`checkSecureParameter` is not called. So in my opinion this protection
is very limited.
Hi Mathieu,
Csrf attack is easier on GET than POST request. While there are plans to
implement csrf token within OFBiz (OFBIZ-10427), it is not completed yet. So
allowing any GET request to change server data with url parameter values should
preferably be done after csrf protection is impleme
>>How a great deal is that? I mean compared to what we already know about
"framework" dependencies on plugins and related issues. And we certainly
miss
some others...
I am not comparing, we already discussed this at the time of cutting
plugins from framework.
To achieve this right way is to have d
Hello Deepak, all,
I do not have a strong opinion about separating plugins into independent
git repositories but here are my thought :
Plugins integration in OFBiz is intended to be used with a maven
repository that hosts the plugin releases for the users. See as a
reference the ‘OFBiz Plugins ta
Le 07/11/2019 à 11:50, Deepak Dixit a écrit :
Agree we may some issues, we need to find out and fix if found.
We have already found several, most are in:
https://issues.apache.org/jira/browse/OFBIZ-3500
https://issues.apache.org/jira/browse/OFBIZ-9322
As per current git repo, How user can
Agree we may some issues, we need to find out and fix if found.
As per current git repo, How user can only checkout and use ecommerce or bi
or any single component?
It was possible in with svn, but in git we need separate repository :)
Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org
On Thu,