
Re: LedgerSMB rpm spec

Would it be easier just to include by default a .htaccess file that
would deny access to the admin.pl with instructions on how to remove
it?  Once you go to the admin.pl screen, if it has a blank password,
you will get prompted to enter another one.

With the .htaccess solution, we can provide a nice description of what
needs to be done to allow access, etc.

What I want to avoid is people having to spend too much time looking
for documentation when RPMs ideally should be plug and play.

BTW, I will probably add dependencies for DBI and PostgreSQL (since we
don't support other DBs at the moment).  Hope this helps.

Best Wishes,
Chris Travers

On 10/18/06, John Hasler <..hidden..> wrote:
Mads writes:
> Also, in case the rpm is installed by a clueless root it should not leave
> a door open to attackers. The rpm must ensure that root and only root
> knows the master password. That's why I let the rpm contain a bogus
> password and provide instructions on how to reset it.

Create a password on the fly during installation and mail it to root.
John Hasler
Elmwood, WI USA

Ledger-smb-devel mailing list
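
The two suggestions in this thread (a default .htaccess that blocks admin.pl, and a password generated at install time) sketched as helpers an RPM %post scriptlet could call. This is an added example, not part of the original messages or LedgerSMB's packaging; the function names, file locations and notice text are assumptions, and applying the generated password to the application is not shown because the thread does not say how it is stored.

```shell
#!/bin/sh
# Added example for an RPM %post scriptlet; not LedgerSMB's packaging code.
# Function names, paths and the notice text are assumptions.

# Print a random alphanumeric password of $1 characters (default 20).
gen_password() {
    len="${1:-20}"
    # 512 random bytes leave roughly 120 alphanumerics after filtering.
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Write an .htaccess into directory $1 that blocks admin.pl and explains how
# to lift the block. Apache 2.2 syntax; needs AllowOverride Limit (or All).
# On Apache 2.4 the equivalent directive is "Require all denied".
lock_admin() {
    cat > "$1/.htaccess" <<'EOF'
# admin.pl is blocked until the admin password has been set.
# Once it is set, delete the <Files> block below to allow access.
<Files "admin.pl">
    Order allow,deny
    Deny from all
</Files>
EOF
}

# Save password $2 to file $1, readable by its owner (root) only.
# The file must live outside the web root.
save_password() {
    rm -f "$1"
    ( umask 077; printf '%s\n' "$2" > "$1" )
}

# Mail password $1 to root's local mailbox (needs a mail(1) client).
mail_password() {
    printf 'Generated admin password: %s\n' "$1" | mail -s 'admin password' root
}

# Demo: sh this-file --demo <web-dir> <password-file>
if [ "${1:-}" = "--demo" ]; then
    pw=$(gen_password 20)
    lock_admin "$2"
    save_password "$3" "$pw"
    echo "admin.pl blocked in $2; password written to $3"
fi
```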