On 2016-07-07 17:22, Sergi Almacellas Abellana wrote:
> 
> Sergi Almacellas Abellana <sergi@koolpi.com> added the comment:
> 
> I reopen it because test is failing on postgresql: 
> 
> https://drone.tryton.org/trypod.tryton.org/tryton/trytond/default/8f2297978263a17dad33f4ded33edc871c0cc5c6

I think it is the sleep of 1 second that was removed.

Here is review27481002 to fix it

I reopen it because test is failing on postgresql: 

https://drone.tryton.org/trypod.tryton.org/tryton/trytond/default/8f2297978263a17dad33f4ded33edc871c0cc5c6

Please move the multi-database discussion to another separated issue.

> Hi Pokoli,
> 
> I fully support removal of database management on client side.
You just have to manage from server-side :) 

> I make an intensive use of multi-db feature and need an alternative if trytond no longer supports it.

For me, it's as easy as using on trytond process per database, so each database is isolated from other databases.

Hi Pokoli,

I fully support removal of database management on client side.
I make an intensive use of multi-db feature and need an alternative if trytond no longer supports it.

Here is review30261003 for tryton and review29311002 for trytond

I'm wondering if we should also remove the multidatabase support from trytond, and use one server per database and the pool should only have the classes of the current database.

We don't need to care about neso with issue5642.

Hi, Cedric 

On Thu, 10 Mar 2016 21:06:55 +0100
Cédric Krier <issue_tracker@tryton.org> wrote:

> Cédric Krier <cedric.krier@b2ck.com> added the comment:
> 
> I think it is better to move database manage to only neso and to
> remove the RPC database management API from the server. It was a
> mistake to keep the poor database manager from TinyERP.

Agree. 
It will be great to remove the DB management options from the client.
We will end up with a much more secure environment.

I think it is better to move database manage to only neso and to remove the RPC database management API from the server.
It was a mistake to keep the poor database manager from TinyERP.

Hi, Angel !
On Thu, 10 Mar 2016 19:50:07 +0100
Angel Alvarez <issue_tracker@tryton.org> wrote:

> Angel Alvarez <angel@nan-tic.com> added the comment:
> 
> 2016-03-10 19:47 GMT+01:00 Luis Falcon <issue_tracker@tryton.org>:
> 
> >
> > New submission from Luis Falcon <falcon@gnu.org>:
> >
> > Hi !
> >
> > I would like to implement the following additional features :
> >
> > * A native mechanism in Tryton that imposes a timeout upon a failed
> > login attempt to the Tryton administrator user (responsible to
> > create / backup / drop / restore ) database through the client.
> >
> >  
> check: https://bitbucket.org/nantic/trytond-password_expiry
> 

It looks great, thanks ! 

We can integrate it with cracklib, as I did with serverpass[1]

Just a couple of comments :

* By timeout I refer to not the "expiry", but the timeout in seconds if
  someone enters the wrong password.

* It probably it would be good to separate the roles from the admin
  user (ie, admin in res.user) and the trytond "super" user.

> > * Include serverpass[1] in the standard Tryton distribution
> >
> > * Make Trytond PAM-aware[2]
> >
> > 1.-
> > https://en.wikibooks.org/wiki/GNU_Health/Security#Serverpass:_The_Server_Password_Utility
> >
> > 2.- https://www.netbsd.org/docs/guide/en/chap-pam.html
> >
> > ----------
> > messages: 24736
> > nosy: meanmicio
> > priority: feature
> > status: unread
> > title: Additional security features for Tryton server
> > type: feature request
> >
> > _______________________________________________
> > Tryton issue tracker <issue_tracker@tryton.org>
> > <https://bugs.tryton.org/issue5384>
> > _______________________________________________
> >  
> 

Bests

2016-03-10 19:47 GMT+01:00 Luis Falcon <issue_tracker@tryton.org>:

>
> New submission from Luis Falcon <falcon@gnu.org>:
>
> Hi !
>
> I would like to implement the following additional features :
>
> * A native mechanism in Tryton that imposes a timeout upon a failed login
> attempt to the Tryton administrator user (responsible to create / backup /
> drop / restore ) database through the client.
>
>
check: https://bitbucket.org/nantic/trytond-password_expiry

> * Include serverpass[1] in the standard Tryton distribution
>
> * Make Trytond PAM-aware[2]
>
> 1.-
> https://en.wikibooks.org/wiki/GNU_Health/Security#Serverpass:_The_Server_Password_Utility
>
> 2.- https://www.netbsd.org/docs/guide/en/chap-pam.html
>
> ----------
> messages: 24736
> nosy: meanmicio
> priority: feature
> status: unread
> title: Additional security features for Tryton server
> type: feature request
>
> _______________________________________________
> Tryton issue tracker <issue_tracker@tryton.org>
> <https://bugs.tryton.org/issue5384>
> _______________________________________________
>

-- 
Àngel Àlvarez Serra
Tel. 93 553 18 03
@aasnan
www.NaN-tic.com <http://www.nan-tic.com/>

Avís legal >>

_______________________________________________
Nan mailing list
Nan@lists.nan-tic.com
http://lists.nan-tic.com/listinfo/nan

Hi !

I would like to implement the following additional features :

* A native mechanism in Tryton that imposes a timeout upon a failed login attempt to the Tryton administrator user (responsible to create / backup / drop / restore ) database through the client.

* Include serverpass[1] in the standard Tryton distribution

* Make Trytond PAM-aware[2]

1.- https://en.wikibooks.org/wiki/GNU_Health/Security#Serverpass:_The_Server_Password_Utility

2.- https://www.netbsd.org/docs/guide/en/chap-pam.html