FrontAccounting forum — Report Module for each Company/DB

Re: Report Module for each Company/DB

null@example.com (itronics) — Sat, 20 Mar 2010 17:37:38 +0000

My notice was related to Report Generator extension module, which allow executing arbitrary php code, which violates any security measures on server and should be allowed only for site admin (if at all).

If you are talking about Reporting module included in core FA it IS secure, and should be available for all companies.
Janusz

Re: Report Module for each Company/DB

null@example.com (chase) — Sat, 20 Mar 2010 07:50:26 +0000

unsecure as in terms of it being able to access sql?

If that is the case may be we can put in filter for select DB, or say DELETE/UPDATE query in that module.

Or is there something else that makes it unsecure?

Re: Report Module for each Company/DB

null@example.com (itronics) — Fri, 19 Mar 2010 17:16:28 +0000

Report engine module is unsecure, so guess it is a reason why it is available only in first company.

Janusz

Report Module for each Company/DB

null@example.com (chase) — Fri, 19 Mar 2010 12:09:45 +0000

Is it possible to make the report module accessible to admin of each DB.
Currently the report module works only in first company and the reports can be made available to everyone.

This is when multiple Companies (read multiple databases) are being used.

If need to make this happen where should i look?