Comments (2)
Will having such a policy bring upon the project unintended warranties implied or otherwise?
As there is nothing to sell and each user can harden their installations from within FA (additional captcha, checking internal logs and acting on them, etc.) and from outside it (firewalls, routing permissions, etc.), the use case for such a document will probably be for those who want to make commercial services around it. In fact, quite a few are using it commercially, and some are shamefully not even giving credit to the project and not contributing their fixes back to the project either. Donations are scarce too.
Since the law is different in different places, the project should not undertake to "comply" with all such whims and fancies of every government in place. This software is only a skeleton which end users can mould to suit their needs and be responsible for it.
The project relies primarily on an insecure MD5 hash of passwords, unsalted. Each user will tweak this to secure their installs, though many use it to teach Accounting where it may not matter.
"User Beware" is the best way forward in my opinion. Let each end user take appropriate counsel and considered expertise before venturing into FA.
The Policy is attached herein and it is better to place it in markdown syntax in the GitHub Wiki herein.
Certainly a very nice effort and hopefully some "Consultants" may seek your professional copy-writing skills for FA and other products / services they may have on offer!
FrontAccounting Software Security Policy full.docx
from fa.