patch 275

[Justin Kelly]

hey ap

not convinced UnqEMailPwd with email,password pair is best

maybe just unique domain_id,email is all we need

- or just unique email field

cheers

justin

[Ap.Muthu]

Making (EMail, domain_id) as unique will cause more than one record to turn up on login verification since domain_id is not part of the login credentials. Also taking the domain_id from the user table is more secure than having it as part of the login form. This will not be a problem now if the passwords are different for each domain since the EMail/Password pair gets verified from the user table. The problem arises when the EMail and Password are same for more than one domain and this will be the normally expected behaviour of a user who is given access to more than one domain_id. This will result in more than one record turning up for validation - validation of login wil succeed but only the first record's domain_id will probably be always taken.

Solutions:
1. Retain current UniqueIdx (EMail, Password)
2. Make the EMail Unique across all domain_id values. Hence no user should be able to have the same EMail for more than one domain_id.

You may take a call on which is the better evil of the two.

Most users would prefer to have the same email across all domain_id values they are permitted into - IMHO - hence I went with 1 above.

[Justin Kelly]

ap - we just need to adjsut the auth/login code and templates to use domain_id then set email,domain_id couple of unique

--
You received this message because you are subscribed to the Google Groups "Simple Invoices" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simpleinvoice...@googlegroups.com.
To post to this group, send email to simplei...@googlegroups.com.
Visit this group at http://groups.google.com/group/simpleinvoices.
For more options, visit https://groups.google.com/groups/opt_out.