Posted to dev@ofbiz.apache.org by Dimitri Unruh <di...@lynx.de> on 2011/09/14 16:40:54 UTC

Should the getOrderStatus Service be exported?

Hi everybody,

at the moment the getOrderStatus service is defined with export="true". Is 
this really necessary?
I would like to close it? 
What do you think?

Best Regards


Dimitri Unruh
Consultant AEW
Lynx-Consulting GmbH
Johanniskirchplatz 6
33615 Bielefeld
Deutschland
Fon: +49 521 5247-0
Fax: +49 521 5247-250
Mobil: +49 160 90 57 55 13


We cordially invite you to:
DSAG Annual Congress
Date: 11 - 13 October 2011, Congress Center Leipzig, Hall 2, Stand B01

Visit us at our stand and look forward to an intensive exchange of information and experience on the topic of mobility!


Company and Management Headquarters:
Lynx-Consulting GmbH, Johanniskirchplatz 6, 33615 Bielefeld, Deutschland
Fon: +49 521 5247-0, Fax: +49 521 5247-250, www.lynx.de

Court Registration: Amtsgericht Bielefeld HRB 35946
Chief Executive Officers: Karsten Noss, Dirk Osterkamp


http://www.lynx.de/haftungsausschluss

Re: Should the getOrderStatus Service be exported?

Posted by Dimitri Unruh <di...@lynx.de>.
Scott, Sascha,

thank you for your opinion...

I did create a new issue (https://issues.apache.org/jira/browse/OFBIZ-4419) to close it.

Best Regards


Dimitri Unruh

Re: Should the getOrderStatus Service be exported?

Posted by Scott Gray <sc...@hotwaxmedia.com>.
I would say setting it to false would be the easiest route to closing this hole.  If somebody wants the service exported OOTB then they'd need to improve it with authentication and authorization.

Regards
Scott

On 15/09/2011, at 5:30 PM, Sascha Rodekamp wrote:

> +1
> is it better to set the export to false or enable the authorization? 
> 
> On 14.09.2011 at 17:10, Scott Gray <sc...@hotwaxmedia.com> wrote:
> 
>> +1
>> 
>> I would say it was fine if the service required auth and it then checked if the user had permission to view details about the order but it doesn't seem to do any authorization checks at all.
>> 
>> Regards
>> Scott
>> 
>> On 15/09/2011, at 2:40 AM, Dimitri Unruh wrote:
>> 
>>> Hi everybody,
>>> 
>>> at the moment the getOrderStatus service is defined with export="true". Is 
>>> this really necessary?
>>> I would like to close it? 
>>> What do you think?
>>> 
>> 
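
Added example, not part of the original thread and not OFBiz's own code: a small audit that scans a service definition file for the condition discussed above, services marked export="true" that do not require authentication or declare no permission check. The sample XML is constructed (engine, location and invoke values and the "example..." service names are placeholders), and the script assumes that a missing export or auth attribute means "false" and that permission checks are declared with permission-service or required-permissions child elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an OFBiz services.xml file; engine,
# location and invoke values are placeholders, not the project's real ones.
SAMPLE_SERVICES_XML = """<services>
  <service name="getOrderStatus" engine="java" location="example.OrderServices"
           invoke="getOrderStatus" export="true">
    <attribute name="orderId" type="String" mode="IN"/>
  </service>
  <service name="exampleViewOrder" engine="java" location="example.OrderServices"
           invoke="viewOrder" export="true" auth="true">
    <permission-service service-name="exampleOrderPermission" main-action="VIEW"/>
  </service>
  <service name="exampleAuthOnly" engine="java" location="example.OrderServices"
           invoke="authOnly" export="true" auth="true"/>
  <service name="exampleInternal" engine="java" location="example.OrderServices"
           invoke="internal" auth="false"/>
</services>"""


def _flag(elem, attr):
    # Assumption: a missing export/auth attribute is treated as "false".
    return elem.get(attr, "false").strip().lower() == "true"


def audit_exported_services(xml_text):
    """Return (service name, finding) for every exported service that lacks
    authentication or a declared permission check."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        if not _flag(svc, "export"):
            continue  # not exposed to remote invocation, out of scope here
        name = svc.get("name", "<unnamed>")
        if not _flag(svc, "auth"):
            findings.append((name, "exported without auth"))
        elif (svc.find("permission-service") is None
              and svc.find("required-permissions") is None):
            # Authenticated, but any logged-in user may call it unless the
            # implementation itself checks permissions: review manually.
            findings.append((name, "exported with auth but no declared permission check"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_exported_services(SAMPLE_SERVICES_XML):
        print(f"{name}: {finding}")
```

The second finding is a prompt for manual review rather than a confirmed problem, since a service can also perform its permission check inside its implementation.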


Re: Should the getOrderStatus Service be exported?

Posted by Sascha Rodekamp <sa...@googlemail.com>.
+1
is it better to set the export to false or enable the authorization? 

On 14.09.2011 at 17:10, Scott Gray <sc...@hotwaxmedia.com> wrote:

> +1
> 
> I would say it was fine if the service required auth and it then checked if the user had permission to view details about the order but it doesn't seem to do any authorization checks at all.
> 
> Regards
> Scott
> 
> On 15/09/2011, at 2:40 AM, Dimitri Unruh wrote:
> 
>> Hi everybody,
>> 
>> at the moment the getOrderStatus service is defined with export="true". Is 
>> this really necessary?
>> I would like to close it? 
>> What do you think?
>> 
> 

Re: Should the getOrderStatus Service be exported?

Posted by Scott Gray <sc...@hotwaxmedia.com>.
+1

I would say it was fine if the service required auth and it then checked if the user had permission to view details about the order but it doesn't seem to do any authorization checks at all.

Regards
Scott

On 15/09/2011, at 2:40 AM, Dimitri Unruh wrote:

> Hi everybody,
> 
> at the moment the getOrderStatus service is defined with export="true". Is 
> this really necessary?
> I would like to close it? 
> What do you think?
> 