
Re: LedgerSMB rpm spec



Would it be easier just to include by default a .htaccess file that
would deny access to the admin.pl with instructions on how to remove
it?  Once you go to the admin.pl screen, if it has a blank password,
you will get prompted to enter another one.

With the .htaccess solution, we can provide a nice description of what
needs to be done to allow access, etc.

What I want to avoid is people having to spend too much time looking
for documentation when RPMs ideally should be plug and play.

BTW, I will probably add dependencies for DBI and PostgreSQL (since we
don't support other db's at the moment).  Hope this helps.

Best Wishes,
Chris Travers

On 10/18/06, John Hasler <..hidden..> wrote:
Mads writes:
> Also, in case the rpm is installed by a clueless root it should not leave
> a door open to attackers. The rpm must ensure that root and only root
> knows the master password. That's why I let the rpm contain a bogus
> password and provide instructions on how to reset it.

Create a password on the fly during installation and mail it to root.
--
John Hasler
..hidden..
Elmwood, WI USA

_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel