ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Olivier Heintz (Jira)" <j...@apache.org>
Subject [jira] [Reopened] (OFBIZ-11244) Remove the user login security question
Date Mon, 16 Mar 2020 16:16:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-11244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Olivier Heintz reopened OFBIZ-11244:

In the commit, for the securityForms.xml

6 extra lines have been deleted, those concerning the submit and cancel button

- <field name="submitButton" title="${uiLabelMap.CommonSave}" widget-style="smallSubmit"><submit
- <field name="cancelLink" title=" " widget-style="smallSubmit">
- <hyperlink description="${uiLabelMap.CommonCancelDone}" target="${cancelPage}" also-hidden="false">
- <parameter param-name="partyId"/>
- </hyperlink>
- </field>
{{It's no more possible to add a user login}}

> Remove the user login security question
> ---------------------------------------
>                 Key: OFBIZ-11244
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11244
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ecommerce, framework, party
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Michael Brohl
>            Priority: Major
>             Fix For: Upcoming Branch
>         Attachments: OFBIZ-11244-framework.patch, OFBIZ-11244-plugins.patch
> After our discussion in dev ML at https://markmail.org/message/2dhc4al4adwgvl7z we will
remove this feature. This [~paulfoxworthy]'s remark is notably important:
> bq. Security is only as good as its weakest link ( https://www.schneier.com/essays/archives/2005/02/the_curse_of_the_sec.html)
, and security questions can be a real weakness. Any organisation using OFBiz that really
hates passwords could look at security keys from Yubico or the like.

This message was sent by Atlassian Jira

View raw message