On 15/09/10 15:04 +0200, Tobias Paepke wrote:
> On 15.09.10 13:33, Cédric Krier wrote:
> > On 15/09/10 12:44 +0200, Tobias Paepke wrote:
> >> On 15.09.10 12:32, Cédric Krier wrote:
> >>> On 15/09/10 12:29 +0200, Tobias Paepke wrote:
> >>>> On 15.09.10 12:24, Cédric Krier wrote:
> >>>>> Hi,
> >>>>>
> >>>>> One of the biggest security issues in the default trytond installation
> >>>>> is the admin_password that is in clear text in trytond.conf.
> >>>>>
> >>>>> This is a legacy from OpenERP to allow newbie users to set up a database
> >>>>> from the client easily.
> >>>>>
> >>>>> I propose to change the cleared hardcoded password with a validation of
> >>>>> the password of the user running trytond.
> >>>>>
> >>>>> What do you think?
> >>>>>
> >>>> What about a hashed password in config?
> >>> It is hard to create/update.
> >> It is anyway on Windows. For example, you have to define the password for
> >> the user which is running tryton-service in the service management. If
> >> you change that password, it will stop working.
> > Why?
> >
> Because you have to supply the username and password to the service. If
> you change that password you would run into trouble.

So it is just a matter of configuration.

--
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email/Jabber: [email protected]
Website: http://www.b2ck.com/
