[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LedgerSMB rpm spec
- Subject: Re: LedgerSMB rpm spec
- From: "Chris Travers" <..hidden..>
- Date: Wed, 18 Oct 2006 16:18:10 -0700
Would it be easier just to include by default a .htaccess file that
would deny access to the admin.pl with instructions on how to remove
it? Once you go to the admin.pl screen, if it has a blank password,
you will get prompted to enter another one.
With the .htaccess solution, we can provide a nice description of what
needs to be done to allow access, etc.
What I want to avoid is people having to spend too much time looking
for documentation when RPM's ideally should be plug and play.
BTW, I will probably add dependencies for DBI and PostgreSQL (since we
don't support other db's at the moment). Hope this helps.
Best Wishes,
Chris Travers
On 10/18/06, John Hasler <..hidden..> wrote:
Mads writes:
> Also, in case the rpm is installed by a clueless root it should not leave
> a door open to attackers. The rpm must be ensure that root and only root
> knows the master password. That's why I let the rpm contain a bogus
> password and provide instructions on how to reset it.
Create a password on the fly during installation and mail it to root.
--
John Hasler
..hidden..
Elmwood, WI USA
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel