ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ean Schuessler <...@brainfood.com>
Subject Re: Moving securityext to the framework
Date Sat, 02 Jan 2010 20:21:17 GMT
Adrian Crum wrote:
> I don't agree that emailing forgotten passwords is like the Webtools
> application. As you have discovered, emailing forgotten passwords
> entails some decision making, looking up information in various
> entities, selecting and rendering an email body template, etc. From my
> perspective, all of those things are outside the scope of the framework.

I agree. It is easy to imagine that some applications would not allow a
password to be reset via email. It might be that the application uses
biometrics, cryptographic signatures or who knows what. The framework
authentication stubs should accommodate a diversity of approaches.

One major question is whether framework, on its own, should even be
runnable as an application. In my opinion, it is a library, not an app
and doesn't need to be operational on its own.

View raw message