[Vtigercrm-developers] Issues and malwares - vtiger market place extension

S T Prasad stprasad at stprasad.com
Wed Apr 29 09:33:50 GMT 2015


Dear Alan, Blazej, Conrado, Sutharshan and community members,

First of all, my sincere apologies to all members and more so to the Vtiger
team for overlooking the aspect of internal and external linking without
going through the security component of Vtiger. This slipped through, and it will
not be difficult to comply with that aspect.

This was not intentional in any way and I request that the community give
an opportunity to make amends.

As regards the three open source database utilities bundled in, they will
be dropped for now. A couple of scripts which we used for testing a concept
also had got shipped, and will be dropped. They will be suggested as
helpful utilities which could be installed by the user under their security
policy.
The iframe linkages to documentation on google and our support portal will
also be dropped. Links will be provided instead for the same for the user
to opt on.
For permissions on log files, they will remain at write-only mode always
and opened and shut for a server read on a bona fide request only.

This would address everything that is security related. I would be grateful
if someone points out anything else.

Now the aspect of having to rewrite the needed files. There is no other way
at present as also pointed out by Blazej in his observation that debugging
tools must be part of the engine. Being an amalgam application of various
subsystems of freely available GPL and MPL and MIT licensed sources,
(Vtiger is built on all those components) and the component authors too by
nature do not provide anything too. There is no following of any such usage
of a common framework to enable Vtiger debugging.

So, for practical purposes, as informed in the Wiki, in Vtiger, the
debugging output for adodb, Smarty and log4php are just 1 line of code
changes in the appropriate scripts. But we need to repeat them and thus was
the genesis of vtDebug.

For database queries, it is only a matter of adding a line of code to enable the output.
Ditto for Smarty: toggle a true or false, and for log4php as well, toggle a
true or false in a line of code. And that's all that we started to do with,
when we needed debugging on Vtiger since version 510 days. Also AdoDb
output to screen messed things up and sometimes broke Vtiger, so we used
the available ADODB variable to redirect the content.

Rest is Firebug, Xdebug, Stackoverflow, good programming practices, long
nights and a bit of luck.

Before a further release submission to Vtiger after accomplishing the above
stated changes, the module will be published via a downloadable link, to
the community on this same thread. I hope that it would meet the same
enthusiasm for review as it did the first time around.

My heartfelt appreciation to the Vtiger community and its vibrancy of
activity. Some good comes out of everything, even mistakes.

I thank Uma, who is very quick to respond to matters, to Prasad for
supporting the user community always, and the many silent cubs toiling away
at Vtiger.

S.T.Prasad
www.vtigress.com

On Wed, Apr 29, 2015 at 1:50 PM, Pabiszczak, Błażej <
b.pabiszczak at opensaas.pl> wrote:

> Hi
>
> This module should have never appeared in the marketplace because of the
> two main reasons:
>
> 1. Security and the way it’s designed.
>
> 2. Such functionality should be a part of the engine.
>
> I will skip number 1 because there is no point going back to it, but
> number 2 is interesting. Debugging is a primary element of every developer
> and it’s used many times during the day. That’s why debugging shouldn’t be
> a matter of an additional or supplementary module that isn’t supported by
> the producer but it should be a part of the engine. If you consider that
> there is something missing in the built-in debugging, you report it in a
> form of a ready-made change for Vtiger’s engine and you don’t try to solve
> it in an artificial way.
>
> My main comments about debugging are:
>
> 1. Information should be in a proper order [at the moment debugging is
> split around in multiple locations and it should be gathered into one file
> which would be developed along with the system].
>
> 2. Parameters which can be enabled should have a description and a file
> path where the result can be viewed [so there would be no need to guess
> where one should search for the required logs].
>
> 3. The system of debugging should be developed. At the moment there are
> many locations that are skipped and aren’t displayed in the log files.
>
> Regards
> Błażej Pabiszczak
> M: +48.884999123
> E: b.pabiszczak at opensaas.pl



-- 
With best regards,

S.T.Prasad

http://www.vtigress.com
The Purr-fect mate for vTiger