|
From: David R. <dr...@su...> - 2001-11-14 15:14:48
|
Gentlemen (and ladies...)

Two brief questions:

1. One of my last concerns before my all-out switch to sql-ledger is about security... my concern is that since password protection on each page consists only of having a valid username attached on the end of the url, a terminated employee can still access the system as long as he/she still knows the name of anyone who works here.

All they have to do is add:
http://URL?path=bin/mozilla&action=xxx&login=StillEmployedUserName

So my question is this (yes it takes me a while to get to the point!):
Is it possible to use some form of a SESSION ID instead, such that after a successful login the path becomes URL?session=XNCBXNBC&action=xxx

This way the sessions can expire at some interval (hourly, daily, etc) and the slightly more crafty user is defeated.

2. I have a question about how to include LABOR in an ASSEMBLY. Here is what I did - and hopefully someone has a better way/workaround.

I have a service item that is called LABOR and it's measured in minutes. I would like to include it on the Bill of Materials, because for each assembly it is a fixed average time. This way, the computed price for the assembly is accurate, reflecting materials and labor for an assembly.

Here's the glitch... since a SERVICE is not a PART it does not have an INVENTORY ACCOUNT. You can attach the service to a BOM, but when you try to invoice the assembly, you cannot post the invoice because the post query fails (due to the lack of the inventory account)

One possible workaround, would be to make TIME a PART, but then at the end of the week there is an inventory shortage of MINUTES and adjusting that all the time could become a nightmare.

Any ideas on either topic appreciated.
Thanks,
Dave Ratte
dr...@su...
|
From: Benjamin L. <ben...@co...> - 2001-11-14 16:25:20
|
You can use apache mod_perl authentication/session modules... rather than rewrite the sql-ledger code.

Some purists argue about where authentication and session management code should sit in multi-tiered architectures... I think just do it where you feel most comfortable. You can always deal with the consequences later. ;-)

On Thursday, 2001-11-15 at 02:18:15 AM, David Ratte scribbled:
> Gentlemen (and ladies...)
>
> Two brief questions:
> 1. One of my last concerns before my all-out switch to sql-ledger is about
> security... my concern is that since password protection on each page
> consists only of having a valid username attached on the end of the url, a
> terminated employee can still access the system as long as he/she still knows
> the name of anyone who works here.
>
> All they have to do is add:
> http://URL?path=bin/mozilla&action=xxx&login=StillEmployedUserName
>
> So my question is this (yes it takes me a while to get to the point!):
> Is it possible to use some form of a SESSION ID instead, such that after a
> successful login the path becomes URL?session=XNCBXNBC&action=xxx
>
> This way the sessions can expire at some interval (hourly, daily, etc) and
> the slightly more crafty user is defeated.

--
Benjamin Lee
Melbourne, Australia "Always real." http://realthought.net/
Weather outside looks to be 11.4°C, partly cloudy.
__________________________________________________________________________
Base 8 is just like base 10, if you are missing two fingers.
-- Tom Lehrer
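The session scheme asked about in this thread, as an added example that is not part of any poster's message or of SQL-Ledger's code: a server-side table of random session IDs with an expiry time, checked on every request in place of the login= parameter. The function names, the in-memory hash (standing in for a database table), the one-hour lifetime and the availability of /dev/urandom are assumptions.

```perl
use strict;
use warnings;

my $TTL = 3600;   # assumed lifetime in seconds ("hourly" in the question)
my %sessions;     # sid => { login, expires }; stands in for a database table

# Return a 128-bit identifier read from the kernel CSPRNG, hex encoded.
sub new_sid {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $got = read($fh, my $buf, 16);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack('H*', $buf);
}

# Called only after the password check has succeeded.
sub start_session {
    my ($login, $now) = @_;
    my $sid = new_sid();
    $sessions{$sid} = { login => $login, expires => $now + $TTL };
    return $sid;
}

# Map a session parameter back to a login; empty return means "reject".
sub check_session {
    my ($sid, $now) = @_;
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $s = $sessions{$sid} or return;
    return $s->{login} if $now < $s->{expires};
    delete $sessions{$sid};   # expired: forget it so it cannot be reused
    return;
}

# Drop every session of one user, e.g. when the account is disabled.
sub revoke_user {
    my ($login) = @_;
    delete @sessions{ grep { $sessions{$_}{login} eq $login } keys %sessions };
}

# Constructed demonstration; 'alice' is a made-up user name.
my $t0  = time;
my $sid = start_session('alice', $t0);
printf "valid sid:      %s\n", check_session($sid, $t0 + 60)    // 'rejected';
printf "bare user name: %s\n", check_session('alice', $t0 + 60) // 'rejected';
printf "after expiry:   %s\n", check_session($sid, $t0 + $TTL)  // 'rejected';
my $sid2 = start_session('alice', $t0);
revoke_user('alice');
printf "after revoke:   %s\n", check_session($sid2, $t0 + 60)   // 'rejected';
```

Because the server looks the ID up instead of trusting a name in the URL, disabling an account and calling revoke_user cuts off access at once rather than at the next expiry. An ID carried in the URL still ends up in browser history, proxy logs and Referer headers, so a cookie sent over HTTPS is the safer carrier.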
|
From: Dieter S. <dsi...@sq...> - 2001-11-14 17:34:59
|
Hi David,
Add the next two lines to IS.pm after line 350

    $ref->{inventory_accno_id} *= 1;
    $ref->{expense_accno_id} *= 1;

and change $allocated in the else condition to

    $allocated = &allocate_expense($dbh, $form, $ref->{parts_id},
                                   $ref->{qty}) if ($ref->{inventory_accno_id});

Dieter Simader http://www.sql-ledger.org (780) 472-8161
DWS Systems Inc. Accounting Software Fax: 478-5281
=========== On a clear disk you can seek forever ===========
On Wed, 14 Nov 2001, David Ratte wrote:
> Gentlemen (and ladies...)
>
> Two brief questions:
> 1. One of my last concerns before my all-out switch to sql-ledger is about
> security... my concern is that since password protection on each page
> consists only of having a valid username attached on the end of the url, a
> terminated employee can still access the system as long as he/she still knows
> the name of anyone who works here.
>
> All they have to do is add:
> http://URL?path=bin/mozilla&action=xxx&login=StillEmployedUserName
>
> So my question is this (yes it takes me a while to get to the point!):
> Is it possible to use some form of a SESSION ID instead, such that after a
> successful login the path becomes URL?session=XNCBXNBC&action=xxx
>
> This way the sessions can expire at some interval (hourly, daily, etc) and
> the slightly more crafty user is defeated.
>
> 2. I have a question about how to include LABOR in an ASSEMBLY. Here is what
> I did - and hopefully someone has a better way/workaround.
>
> I have a service item that is called LABOR and it's measured in minutes. I
> would like to include it on the Bill of Materials, because for each assembly
> it is a fixed average time. This way, the computed price for the assembly is
> accurate, reflecting materials and labor for an assembly.
>
> Here's the glitch... since a SERVICE is not a PART it does not have an
> INVENTORY ACCOUNT. You can attach the service to a BOM, but when you try to
> invoice the assembly, you cannot post the invoice because the post query
> fails (due to the lack of the inventory account)
>
> One possible workaround, would be to make TIME a PART, but then at the end of
> the week there is an inventory shortage of MINUTES and adjusting that all the
> time could become a nightmare.
>
> Any ideas on either topic appreciated.
> Thanks,
> Dave Ratte
> dr...@su...
>
>
|
|
From: Bill H. <bil...@fa...> - 2001-11-14 18:47:27
|
I just recently discovered SQL-Ledger. I currently run NT4, and I've downloaded the cygwin utilities. On the SQL-Ledger pages, I see mention of a way to use it under W2K.

Have people successfully installed and run SQL-Ledger under NT4? I'm not a PERL programmer, nor have I used postgresql before, so I have a bit of a learning curve, but it seems easier to use and more capable than BANAL.

Tips welcome.

Thanks,
Bill
--
Bill Harris                      3217 102nd Place SE
Facilitated Systems              Everett, WA 98208 USA
http://facilitatedsystems.com/   phone: +1 425 337-5541