Changeset - 71e3516c6e42
http://wandborg.se/ Joar@web - 11 years ago 2013-11-20 20:09:18

1 file changed with 1 insertions and 1 deletions:
0 comments (0 inline, 0 general)
ExistingProjects/ERPNext.mdwn
 
Links:
 

	
 
- <https://erpnext.com> - Commercial homepage
 
- <https://erpnext.com/open-source> - Community homepage
 
- <https://github.com/webnotes/erpnext> - Source code
 

	
 
Demo: <https://demo.erpnext.com>
 

	
 
### Evaluation of codebase & development
 

	
 
The framework [wnframework](https://github.com/webnotes/wnframework) is used and seemingly developed in parallel.
 

	
 
The python code does not follow the guidelines in [PEP8](http://www.python.org/dev/peps/pep-0008/).
 

	
 

	
 
#### Database
 

	
 
wnframework contains a database model abstraction which is used in some places, though there are > 2000 places where raw SQL is composed using python's `'foo %' % ('bar')` string formatting. I have managed to cause some minor SQL injections, I have not yet found any places where I can cause significant damage / data loss.
 
wnframework contains a database model abstraction which is used in some places, though there are > 2000 places where raw SQL is composed using python's `'foo %s' % ('bar')` string formatting. I have managed to cause some minor SQL injections, I have not yet found any places where I can cause significant damage / data loss.
 

	
 
Not using a database abstraction model such as SQLAlchemy reduces storage portability and adds security overhead to ensure that no malicious queries can be executed.
 

	
 
In those places I have seen, no input sanitation was performed, although they were only SELECT queries. I suspect that you could alter database contents by modifiying a SELECT query, but I have not managed to do so myself.
 

	
 
### Evaluation of [[Reporting|UseCases/GeneratingReports]] UseCases
 
- [[Trial Balance Report|UseCases/GeneratingReports#trial-balance]]: [Yes](https://demo.erpnext.com/app.html#trial-balance)
 
- [[Bank Reconciliation Report|UseCases/GeneratingReports#bank-reconcilation]]: [Yes](https://demo.erpnext.com/app.html#Form/Bank%20Reconciliation/Bank%20Reconciliation)
 
- [[Chart of Accounts|UseCases/GeneratingReports#chart-of-accounts]]: [Yes](https://demo.erpnext.com/app.html#Accounts%20Browser/Account)
 
- [[Cash Disbursements Journal|UseCases/GeneratingReports#cash-disbursements]]: FIXME
 
- [[Income Report|UseCases/GeneratingReports#income-report]]: [Kind of](https://demo.erpnext.com/app.html#financial-analytics)
 
- [[Expense Report|UseCases/GeneratingReports#expense-report]]: Yes, shown together with "Income Report" and a graph.
 

	
 
### Evaluation of [[Reporting|UseCases/GeneratingReports]] UseCases for Fund Accounting
 

	
 
Can each of these reports be generated, confined to a specific temporarily
 
restricted asset type?
 

	
 
**It does not seem like it**. There are 'Cost Centers', but they do not seem to be usable in fund accounting.
 
   
 
- [[Trial Balance Report|UseCases/GeneratingReports#trial-balance]]: FIXME
 
- [[Bank Reconciliation Report|UseCases/GeneratingReports#bank-reconcilation]]: FIXME
 
- [[Chart of Accounts|UseCases/GeneratingReports#chart-of-accounts]]: FIXME
 
- [[Cash Disbursements Journal|UseCases/GeneratingReports#cash-disbursements]]: FIXME
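Review bot: In the changed Database paragraph, the corrected snippet `'foo %s' % ('bar')` still passes a parenthesized string rather than a tuple; `('bar',)` would show the form that the string-formatting call sites normally use. The same sentence gives "> 2000 places" and "some minor SQL injections" without saying how the count was obtained or which queries were affected, so neither claim can be reproduced from the page; noting the search that produced the count and pointing to at least one affected file would fix that. The unchanged paragraph below it speaks of "input sanitation", and the evaluation would be more precise if it said whether the queries could have used bound parameters instead of string formatting, since that is the property the SQLAlchemy comparison is really about.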