Originally posted by doodab
View Post
This is a prototype. It serves the purpose of demonstrating that it can be done, and can be done relatively cheaply.
When we get the go ahead to develop this the security issue will be dealt with properly. For now, I just needed a fix to get the prototype working. To get the security permissions changed would require red tape, and this carries a time penalty the luxury of which we currently can ill afford.
The impersonated user has access within the sandbox, and that's about it so the risk is minimal.
I accept eeks comments as entirely valid, and have indicated this many times. The thing I don't accept is his tendancy to have a hissy fit at the slightest hint of a challenge to his suggestions.
Comment