
c2c-oerpscenario team mailing list archive

Re: [Bug 738721] Re: base_crypt and users_ldap don't work together


On 05/19/2011 01:52 AM, Raphaël Valyi - http://www.akretion.com wrote:
> Well, why is that such a big trouble? Yes, you cannot recover the password,
> but it's trivial for the administrator to generate a new valid password and
> send it to the user.

I'm not saying it's big trouble, just that it's a feature, and a choice
people might want. You can reverse the question and ask what is the big
issue with installing base_crypt? (no, you don't need it for LDAP)


> Look, in our daily consultant work, it's just too frequent that one gives ERP or
> database admin rights to some third-party consultant. Today that guy can
> always rip all the passwords of all companies' employees, and this is potentially
> happening everywhere in the world where OpenERP is deployed.

Exactly. You're illustrating the second point in the previous comment. You
say encrypted passwords make you more confident giving full access to
third-party people. That's fallacious reasoning: why aren't you worried
about the rest of the database? You should be.
Unix passwords are encrypted by default. Do you go and give root access
to everyone because it's safe: they can't steal passwords? I don't.

Remember, I'm not saying encrypted passwords are bad. I'm just saying
people should start considering them as _one reasonable option_ among a
large number of security measures to take, and not as the unique or
ultimate magic answer to all security considerations.

Anyway, that's just my opinion, anyone is free to think otherwise.

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/738721

Title:
  base_crypt and users_ldap don't work together

Status in OpenERP Modules (addons):
  Confirmed

Bug description:
  I installed and configured users_ldap so that all of my users can log in using their credentials stored in OpenLDAP, which worked fine. Then I installed base_crypt (with the intention that all other passwords in the db, for non-LDAP users like 'admin', be encrypted). However, this prevents all LDAP users from logging in.
  I suppose that base_crypt tries to authenticate the user and if this fails, login fails, without users_ldap trying to authenticate. I think this behaviour should be changed towards:
   1. Check whether user can login using the (possibly encrypted) password in the database.
   2. If not, check whether user can login using the LDAP password.
   3. If not, refuse access.
  Right now, the second step seems to be omitted when base_crypt is used.
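The three-step login order proposed in the bug description, written out as a standalone example. This is not code from OpenERP, base_crypt or users_ldap; it is added here to show the difference between a login that stops after the local (hashed) password check and one that falls through to a directory bind before refusing. The user table, the hash format, and the `ldap_bind` stand-in (a constructed dictionary instead of a real OpenLDAP server) are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumption: any salted, slow hash would do


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a salted PBKDF2-SHA256 hash instead of the clear-text password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${salt.hex()}${digest.hex()}"


def verify_local(stored: str, password: str) -> bool:
    """Check a password against the stored hash; an empty or malformed
    record (an LDAP user with no local password) simply fails, it must
    not raise and must not be treated as a match."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "pbkdf2_sha256":
        return False
    _, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Constructed sample data (not a real database): 'admin' is a purely local
# user, 'alice' is an LDAP user whose local record carries no password.
LOCAL_USERS = {
    "admin": hash_password("admin-secret"),
    "alice": "",
}

# Constructed stand-in for the directory; a real implementation would bind
# to OpenLDAP with the supplied credentials instead of looking up a dict.
LDAP_DIRECTORY = {"alice": "ldap-pass"}


def ldap_bind(login: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind: True only if the directory accepts
    the login/password pair."""
    return LDAP_DIRECTORY.get(login) == password


def authenticate_crypt_only(login: str, password: str) -> bool:
    """The behaviour the bug report describes: the local check is the
    only check, so LDAP users can never log in."""
    return verify_local(LOCAL_USERS.get(login, ""), password)


def authenticate_chained(login: str, password: str) -> Optional[str]:
    """The proposed order: local hashed password first, then the directory,
    then refuse. Returns which backend accepted the login, or None.
    Assumption: any login that fails locally is tried against the
    directory, as users_ldap would do."""
    if verify_local(LOCAL_USERS.get(login, ""), password):
        return "local"
    if ldap_bind(login, password):
        return "ldap"
    return None


if __name__ == "__main__":
    for user, pw in [("admin", "admin-secret"), ("alice", "ldap-pass"), ("alice", "wrong")]:
        print(user, "crypt-only:", authenticate_crypt_only(user, pw),
              "chained:", authenticate_chained(user, pw))
```

Note that the chained version still refuses `alice` with a wrong password and never lets an empty local record pass; the only change from the crypt-only path is that a local failure is a fall-through, not a final answer.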

