Re: [Phpgroupware-developers] patch for review
From: Benoit Hamet
Subject: Re: [Phpgroupware-developers] patch for review
Date: Wed, 06 Sep 2006 17:44:16 +0200
User-agent: Thunderbird 1.5.0.5 (X11/20060812)

Hi all,
<snip>
>> There is also applications::d2name, categories::d2name and
>> interserver::d2name.
>> I think it is risky to rename the calls to only accounts::id2name - I
>> think it would be better to keep the "old" accounts::id2name - and
>> rather implement the new accounts::id2name as accounts::id2full_name
>> or something.
>
> It hasn't been renamed. The old method accounts::id2name now returns
> the user's fullname, and doesn't reveal the user's login id, which is
> good security imho. If you already have the login id then you have 1
> half of the puzzle for cracking an account. Some organizations have
> policies on login ids, others don't, which will also impact on the
> benefit of this change.
>
> applications::d2name, categories::d2name and interserver::id2name are
> unaffected by this change, as they return the relevant string for the
> data type and it has no security implications.
>
> The change in the string returned by accounts::id2name has been in HEAD
> for months. The new accounts::id2lid is only for those cases where
> internally we need the login id, which is very rare. As
> accounts::id2name is used a lot for presenting username information in
> the GUI, it is safest to change the functionality. Where there is a
> need for the login id, use accounts::id2lid, which can be changed
> manually on a case by case basis.

It looks ok to me. AFAIU, there's no relationship between accounts and
categories or applications or interserver, right? So returning the
real full name in id2name for account doesn't disturb anything? Or did
I miss your point, Sigurd?

Cheers,
Caeies.