Message 24699


On Wed, 09 Mar 2016 14:18:27 +0100
Nicolas Évrard <> wrote:

> >Admitting the vulnerability, and getting away from the state of
> >denial that you seem to be immersed is the first step to get out of
> >this crisis.  
> This kind of comment is very rude. I am very sad that you say such
> a thing about my mental state.

It was never my intention to offend you. But I am sorry if the
comment was misinterpreted, please accept my apologies. 

> And btw the vulnerability is admitted

Thank you !

> >We should be happy and grateful that a vulnerability has been
> >detected and that can be fixed before someone else makes a huge hole
> >up your "backdoor" (in computer security terms ).  
> Well this issue has resulted in issue5377, so in the end it resulted
> in something useful for Tryton.

Thanks ! I looked at it. We still have the vulnerability since tryton
still allows anonymous writes into a DB table. That
takes a lot of IO, CPU, online redo logs, and all the overhead
that implies storing info in a RDBMS object. A very high price
that we should avoid.

BTW, if we want to use a DB object to store volatile / ephemeral
information, with heavy IO, we could use unlogged postgres tables. 


Date                 User       Action  Args
2016-03-09 17:14:18  meanmicio  set     recipients: + nicoe
2016-03-09 17:14:18  meanmicio  link    issue5375 messages
2016-03-09 17:14:17  meanmicio  create
