Message 26080

Author
guillemNaN
Date
2016-06-03.12:10:06
Message id
26080

Content

2016-06-03 10:37 GMT+02:00 Cédric Krier <issue_tracker@tryton.org>:

>
> Cédric Krier <cedric.krier@b2ck.com> added the comment:
>
> I don't think company is more important than any other context data. So it
> is the all context that needs to be put. But then we start to have a
> security concern because we are leaking data by emails.
>

I disagree.
The company is a very important concept in the ERP. There are lot of data
(the main data) that are related to a company.
And about security concert, the company is a public field of all models.
At least, in the e-mail we send the database name and the traceback with
paths, it could be more dangerous than the company name... I think

An alternative is to save in the cron the "execution" record (similar that
is done in BaBI module, but in that module the execution is more important
and provably less often than in cron) with an identifier and all relevant
information and in the e-mail send this identifier to be able to see the
traceback and the other information inside the ERP.

> Also you have the last company run written on the cron user.
>

No, because the send e-mail action is done after rollback.
I thought to move rollback after send e-mail, but despite the current
implementation of send e-mail doesn't save any data, I think it's not a
good idea to do this action before the rollback, because someone could want
to extend send e-mail saving something.

I think the only option is to have a function that executes the cron (like
the old "_callback") that is called in run() and run_once() an is the
function extended by company module.

Files

File name Uploaded Type Details
unnamed guillemNaN, 2016-06-03.12:10:05 text/plain view
History
Date User Action Args
2016-06-03 12:10:07guillemNaNsetrecipients: + ced
2016-06-03 12:10:07guillemNaNlinkissue5581 messages
2016-06-03 12:10:06guillemNaNcreate

Showing 10 items. Show all history (warning: this could be VERY long)