[Vtigercrm-developers] password vs accessKey
Adam Heinz
amh at metricwise.net
Wed Apr 3 18:12:37 UTC 2013
I went ahead and implemented this feature [1].
On Thu, Mar 21, 2013 at 1:13 PM, Adam Heinz <amh at metricwise.net> wrote:
> Why do we need both? I've recently written a small mobile application
> (barcode scanner on a Windows Mobile device) to track Assets. It uses the
> web service for everything. The web service only allows login with
> accessKey, not password. Originally, we thought this wasn't a big deal,
> but we've run into a number of problems:
>
> 1. There is no mechanism for changing the accessKey. It's randomly
> generated as something a human could never remember, and it is not possible
> to edit it from Settings > Users as an administrator.
> 2. The accessKey is stored in the database as plain text, and displayed
> via Settings > Users.
>
> The simplest thing for our customers' warehouse staff would be to use the
> same password that they use to access the CRM. I'm strongly inclined to
> add a password login action to the web service. In the cases where we use
> a true access key for an automated process, we create a corresponding user,
> so that the ModTracker change log reflects that the automated process made
> the change.
>
> The only scenario I can envision where having the separate password and
> accessKey is useful is if you want to prevent someone from logging into the
> CRM (as an automated account, perhaps), but this begs the question, why not
> use a single password, then add flags to the account marking whether they
> have web service API access, CRM access or both.
>
> Opinions?
>
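The single-credential design proposed in the quoted message, as an added sketch that is not part of the original thread and not vtiger's code: one secret per account stored only as a salted PBKDF2 digest, flags for CRM and web service access, and key rotation for automated accounts. The `Account` class, the `login` function and the channel names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

# Constructed model, not vtiger's schema: one secret per account plus channel flags.
CHANNELS = frozenset({"crm", "webservice"})
PBKDF2_ROUNDS = 600_000


def _derive(secret: str, salt: bytes) -> bytes:
    """Slow, salted digest so a database leak does not reveal usable secrets."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    name: str
    channels: frozenset      # subset of CHANNELS this account may log in through
    salt: bytes = b""
    digest: bytes = b""      # empty until a secret is set, so no login succeeds

    def set_secret(self, secret: str) -> None:
        """Store only the salted digest; the secret itself is never kept."""
        self.salt = os.urandom(16)
        self.digest = _derive(secret, self.salt)

    def rotate_key(self) -> str:
        """Issue a fresh random key for an automated account.

        The key is returned once for the administrator to copy; the previous
        key stops working immediately because its digest is overwritten.
        """
        key = secrets.token_urlsafe(24)
        self.set_secret(key)
        return key


def login(account: Account, secret: str, channel: str) -> bool:
    """Check the secret in constant time, then enforce the channel flag."""
    if channel not in CHANNELS:
        return False
    candidate = _derive(secret, account.salt)
    secret_ok = hmac.compare_digest(candidate, account.digest)
    return secret_ok and channel in account.channels
```

A warehouse user would carry both flags and log in to either channel with the same password, while an automated account would carry only the web service flag and a rotated random key.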