[om-list] Fwd: Re: What I feel from your writings

[Luke A. Call]

[ditto]

----- Forwarded message from "Luke A. Call" <luke350 at onemodel.org> -----

Date: Mon, 17 May 2021 11:37:58 -0600
From: "Luke A. Call" <luke350 at onemodel.org>
To: Jean Louis <bugs at gnu.support>
Subject: Re: [om-list] What I feel from your writings

On 2021-05-05 10:46:02+0300, Jean Louis <bugs at gnu.support> wrote:
> For security reasons I have switched to empty user, I did not know if
> <username> had to be replaced to system username or any database
> username, it is unclear.

I think I answered this in the last email a few minutes ago; let me know
if not.
 
> I have not seen that password should be changed to something else but
> 'x' - so if password is 'x' that brings insecurity to the database.

No.  The instructions (core/INSTALLING) discuss this starting on line 235.  Please read
that paragraph again and let me know why you did not do so before, or 
what is unclear, before complaining any further.

> IMHO any software accessing the database should allow user to access
> the database anywhere, not just on localhost. If I understood well,
> you are using only local computer. My database was running for example
> on 192.168.0.1 and I think your installation instructions don't
> provide for that.

The instructions are for someone who runs the DB locally only, and is
trying to keep it somewhat simpler for such.  If
someone does not, I must assume for now that they know what they are
doing and will have whatever is needed for a firewall, and set up their
PG instance appropriately for their situation.  I believe the instructions 
say that or something like it, also; the same applies to upgrades and backups.

> - installation should only tell that user has to create some database
>   and has privileges to the database, and provide username, password

Some users would not know what to do with just that.  Sounds like you do; good.  So the
instructions as they are should be enoug hfor you right?
 
> - database credentials could be entered interactively, but could be
>   also placed in a configuration file. After interactive conversation,
>   software should anyway write credentials somewhere in configuration
>   file.

No, they are in PG, as instrus. say; as well as how to change them.  OM
does not manage credentials at this time.

> - maybe configuration file should be encrypted by password, and
>   software should ask user for software password (not database
>   password). It is handling eventually sensitive information.

PG does that and the code has been reviewed by more people than will
review OM code.

> - I think it should be collaborative, not single user, rather multi
>   user based.

It could certainly be managed that way, by someone who knows what they
are doing.  OM could be more multi-user in the future. I've thought
about that a lot but am slow right now due to health.

> Regarding usage, as it has fundamental way of defining relations, it
> appears abstract to me.
> 
> - is it possible to create entries larger than 160 characters?

That is what TextAttributes are for.  The entries are names of entities,
though I can see it could be convenient sometime to do as you are
desribing, and we might.  If you keep working with it, and I get the
idea you understand what it is trying to achieve, we might talk about it
more later.

----- End forwarded message -----