[sork] patch: customsql option and other goodies
Eric Rostetter
eric.rostetter at physics.utexas.edu
Thu May 13 07:25:51 PDT 2004
Quoting Jan Schneider <jan at horde.org>:
> I only committed the keep local part of the patch for now. The password
> isn't really requested for security reasons, it's only necessary for some
> drivers.
No, actually, it is also there for security reasons. I would object to
removing it, though I won't object to a configuration option to remove
it.
> configuration. I think the driver should return if it needs a password at
> all. Additionally we could add a configuration setting for those drivers
> that need a password to disable the password field. In these cases the
> drivers would return "i don't need a password" and use the Horde password
> instead.
I don't follow that exactly. But you *must* allow the admin to force
the password to be required. You *may* also allow it to be optional
if the driver doesn't need it.
But the driver may not know if it is needed or not. For the ftp driver,
the horde password may or may not work, depending on where they ftp to
and how authentication is done. So the driver will not know if it is
needed or not. This is fairly minor as it can just say if it might be
needed, return that it is needed. Only if there is absolutely no doubt
that it will never be needed can the driver say it isn't needed.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
More information about the sork
mailing list