[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Installation Ideas



Hi Chris,

You can sort the security issue by require the user to delete the install script after they complete the install. and making it so the application can't be accessed until this is done.



On Tue, Jul 17, 2012 at 3:42 PM, Chris Travers <..hidden..> wrote:


On Mon, Jul 16, 2012 at 8:12 PM, Jason Thomas <..hidden..> wrote:
Hi all,

A while back you where talking about working on the installation of ledger-smb, below is a link to an open source crm which I feel has a very easy installation. Basically untar and point your browser to the conf script. which then checks dependencies etc.

What do people think of this method.

http://support.sugarcrm.com/02_Documentation/01_Sugar_Editions/05_Sugar_Community_Edition/Sugar_Community_Edition_6.5/Sugar_Community_Edition_Installation_Guide_6.5.0

First I have no problem with providing a number of installation methods, and some people may prefer a less secure set-up.  I would prefer not to get to the point where we are openly advocating writing config files from the web server though, but having it as an option would be a good thing, especially if we can say "there's the simple way to install and the secure way to install."

So with that in mind, here's my thinking:

1)  we'd probably want any configuration writing classes to be broken off into modules distinct from any interface.  With our current config handling for 1.4, this is a lot easier (the CPAN modules we use in 1.4 for reading the config support both reading and writing configuration information).   So we already kind of have that, so the question then becomes just how we wrap this in the application.

2)  If we have the mechanism down, then it becomes possible to write various tools to create or manipulate the the ledgersmb.conf.  There could be an interactive command line tool, for example (Havard has suggested something like this in the past).  If folks want a web-based tool, this could then be done.  A command-line interactive script could be done.  There are lots of options available at that point.

Hope this helps,
Chris Travers

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel