Yes david if it is a bug, but by your definition many times this is a fearture. My point of the second paragraph that you did not include 1)part of the solution providing a way to circomvent security isssues not part of ofbiz but how one sets up ofbiz 2)the issues are addressed if one reads the code.
David E Jones sent the following on 8/4/2011 8:38 AM: > > On Aug 4, 2011, at 6:39 AM, BJ Freeman wrote: > >> It sounds like you speaking of Ofbiz as a finished product, in which >> case I agree with you first paragraph. However Ofbiz is not a finished >> product and is meant for Consultants to setup for end users. The >> consultant should know this information and make the application they >> setup for their client fully secure. > > Sorry BJ, this simply isn't true. If there is something bad in the project it > should be changed. > > By your line of reasoning everyone doing consulting based on OFBiz should > keep a big list of issues to address every time they do anything for a > client… wouldn't it be better to just fix those things and be done with it? > > -David > >
