RE: [Phpgroupware-developers] patch for review
From: Dave Hall
Subject: RE: [Phpgroupware-developers] patch for review
Date: Wed, 06 Sep 2006 19:41:33 +1000
Hi Sigurd,
On Wed, 2006-09-06 at 11:18 +0200, Sigurd Nes wrote:
> > Hi all,
> >
> > In HEAD accounts::id2lid returns the user's full name not the login
> > id.
>
> I assume you mean accounts::id2name
>
Yes, sorry, I had id2lid on the mind last night.
> > Some parts of phpgw still rely on the old functionality of
> > accounts::id2name, I have implemented it as id2lid.
> >
> > See http://savannah.gnu.org/patch/?5373
> >
> > Any comments are welcomed, if no one objects in the next 24hrs or
> > so, I will commit it.
> There is also applications::d2name, categories::d2name and
> interserver::d2name.
> I think it is risky to rename the calls to only accounts::id2name - I
> think it would be better to keep the "old" accounts::id2name - and
> rather implement the new accounts::id2name as accounts::id2full_name
> or something.
It hasn't been renamed. The old method accounts::id2name now returns
the user's full name, and doesn't reveal the user's login id, which is
good security imho. If you already have the login id then you have 1
half of the puzzle for cracking an account. Some organizations have
policies on login ids, others don't, which will also impact on the
benefit of this change.
applications::d2name, categories::d2name and interserver::id2name are
unaffected by this change, as they return the relevant string for the
data type and it has no security implications.
The change in the string returned by accounts::id2name has been in HEAD
for months. The new accounts::id2lid is only for those cases where
internally we need the login id, which is very rare. As
accounts::id2name is used a lot for presenting username information in
the GUI, it is safest to change the functionality. Where there is a
need for the login id, use accounts::id2lid, which can be changed
manually on a case by case basis.
I hope this makes the change clearer.
Cheers
Dave
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
+-------------------------------------+-------------------------------+
| e address@hidden | w phpgroupware.org |
| j address@hidden | aim skwashd |
| icq 278064022 | msn address@hidden |
| sip address@hidden | y! skwashd |
+-------------------------------------+-------------------------------+