openerp-community team mailing list archive

Thread
Date

Re: XMLRPC : special method for raw SQL instead of search + read ?

To: Christophe Dubuit <cdubuit@xxxxxxxxx>
From: Alexandre Fayolle <alexandre.fayolle@xxxxxxxxxxxxxx>
Date: Tue, 15 Oct 2013 15:12:25 +0200
Cc: "openerp-community@xxxxxxxxxxxxxxxxxxx" <openerp-community@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <1381839561.30530.YahooMailNeo@web172305.mail.ir2.yahoo.com>
Organization: camptocamp
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0

On 15/10/2013 14:19, Christophe Dubuit wrote:
> Okay, but what if this method would be restricted to user with
> "administator" privileges only ?
>

a user with administrator privileges already has other means of
accessing the db (such as direct SQL connection if required, or erppeek)


> Plus, we have to see the context. Someone who uses XMLRPC queries...
> usually is an admin, don't you think ?
>
> XMLRPC / JSON queries are for "behind work", "plumber work"... Not
> reallly regular front users.

don't forget smart interns who want to know information that they are
not entitled to see.


-- 
Alexandre Fayolle
Chef de Projet
Tel : + 33 (0)4 79 26 57 94

Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac Cedex
http://www.camptocamp.com

References

XMLRPC : special method for raw SQL instead of search + read ?
From: Christophe Dubuit, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Alexandre Fayolle, 2013-10-15
Re: XMLRPC : special method for raw SQL instead of search + read ?
From: Christophe Dubuit, 2013-10-15