On 2016-06-03 12:10, Guillem Barba wrote: > 2016-06-03 10:37 GMT+02:00 Cédric Krier <firstname.lastname@example.org>: > > Cédric Krier <email@example.com> added the comment: > > > > I don't think company is more important than any other context data. So it > > is the all context that needs to be put. But then we start to have a > > security concern because we are leaking data by emails. > > > > I disagree. > The company is a very important concept in the ERP. There are lot of data > (the main data) that are related to a company. It is not more important than any other data. But of course, if you are using the client to find the issue, you will have difficulties because of company record rules. But for me, it is the record rules the problem, not the cron message. If you talk about related data then it is probably the user Model who has the more links. > And about security concert, the company is a public field of all models. > At least, in the e-mail we send the database name and the traceback with > paths, it could be more dangerous than the company name... I think My concern about security was not about company but about the all context. About the URL, there is no sensitive data in it.
|2016-06-03 12:30:07||ced||set||recipients: + resteve, guillemNaN|
|2016-06-03 12:30:07||ced||link||issue5581 messages|
Showing 10 items. Show all history (warning: this could be VERY long)