Message 26082

Author
ced
Date
2016-06-03.12:30:06
Message id
26082

Content

On 2016-06-03 12:10, Guillem Barba wrote:
> 2016-06-03 10:37 GMT+02:00 Cédric Krier <issue_tracker@tryton.org>:
> > Cédric Krier <cedric.krier@b2ck.com> added the comment:
> >
> > I don't think company is more important than any other context data. So it
> > is the all context that needs to be put. But then we start to have a
> > security concern because we are leaking data by emails.
> >
> 
> I disagree.
> The company is a very important concept in the ERP. There are lot of data
> (the main data) that are related to a company.

It is not more important than any other data. But of course, if you are
using the client to find the issue, you will have difficulties because
of company record rules. But for me, it is the record rules the problem,
not the cron message.
If you talk about related data then it is probably the user Model who
has the more links.

> And about security concert, the company is a public field of all models.
> At least, in the e-mail we send the database name and the traceback with
> paths, it could be more dangerous than the company name... I think

My concern about security was not about company but about the all
context.
About the URL, there is no sensitive data in it.
History
Date User Action Args
2016-06-03 12:30:07cedsetrecipients: + resteve, guillemNaN
2016-06-03 12:30:07cedlinkissue5581 messages
2016-06-03 12:30:06cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)