
Re: Debian packages and Bruce Hohl Install



Mads,

Agreed on the general ideas.

The only issue at the moment is that I think it would require a lot of
rewriting of a lot of code (introducing more errors and delays when we
are looking at re-engineering anyway).  I think that the way to go
about this is to come up with an idea of where we want to go and then
re-engineer either in place or in parallel to make that possible.

Best Wishes,
Chris Travers

On 12/13/06, Mads Kiilerich <..hidden..> wrote:
Chris Travers wrote, On 12/13/2006 10:51 PM:
> I favor the idea of a post-install configure script.  Obviously we
> don't want it in the web directory :-)
>

Now you mention it: Couldn't/shouldn't all CGI entry points be moved to
a cgi-bin folder and Apache be configured to execute CGI in that folder
only? I consider it very unsafe to put scripts not intended to be CGI
scripts (or even worse: writable folders) in CGI-enabled folders. As it
is now, Apache access control has to do a dirty and
too-risky-to-be-trusted job! It is not obvious to me that no dangerous
scripts can be executed through CGI.

IMHO ;-)

/Mads

PS: I have been playing around with something like the following.
Instead of taking a "give access and make exceptions" approach I try to
give exactly the needed access. But it gets quite complicated, and it
becomes obvious that reorganizing the directory structure would be
simpler (and thus less error-prone).

# Mapping from url to file system
Alias /ledger-smb/css xxx/css
Alias /ledger-smb/templates xxx/templates
Alias /ledger-smb/doc/LedgerSMB-manual.pdf xxx/doc/LedgerSMB-manual.pdf
Alias /ledger-smb/locale xxx/locale
Alias /ledger-smb xxx/

# Access to htdocs/CGI dir
<Directory xxx>
  AddHandler cgi-script .pl
  Options ExecCGI
  Order Allow,Deny
  Deny from All
  <FilesMatch "^$|\.(png|ico|pl|html)$">
    Order Deny,Allow
    Allow from All
  </FilesMatch>
</Directory>

# No automatic access to sub dirs of htdocs/CGI
<Directory xxx/*>
  <Files "*">
    Order Allow,Deny
    Deny from All
  </Files>
</Directory>

# Access to splash
<Directory xxx/doc/locale>
  <Files "*">
    Order Deny,Allow
    Allow from All
  </Files>
</Directory>

# Access to manual
<Directory xxx/doc>
  <Files "*">
    Order Deny,Allow
    Allow from All
  </Files>
</Directory>

# Access to (customized) css
<Directory xxx/css>
  <Files "*">
    Order Deny,Allow
    Allow from All
  </Files>
</Directory>

# Access to (customized) templates
<Directory xxx/templates>
  <Files "*">
    Order Deny,Allow
    Allow from All
  </Files>
</Directory>


_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
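
Added example (not part of the original thread and not LedgerSMB code): a simplified Python model of the access rules posted above, used to list which files Apache would hand to the CGI handler without being intended entry points. The file names and the entry-point list are constructed, and the model assumes the Options ExecCGI and AddHandler lines set on xxx stay in effect in its subdirectories, since no later section resets them.

```python
import re
from pathlib import PurePosixPath

# Simplified model of the posted rules; all paths are relative to the "xxx" root.
TOP_LEVEL_ALLOWED = re.compile(r"^$|\.(png|ico|pl|html)$")  # the FilesMatch pattern
OPEN_SUBDIRS = ("doc/locale", "doc", "css", "templates")    # <Files "*"> Allow from All
CGI_SUFFIX = ".pl"                                          # AddHandler cgi-script .pl


def classify(rel_path):
    """Return 'denied', 'static' or 'cgi' for a file path relative to xxx."""
    path = PurePosixPath(rel_path)
    parent = path.parent.as_posix()  # "." for files directly in xxx
    if parent == ".":
        served = bool(TOP_LEVEL_ALLOWED.search(path.name))
    else:
        # A <Directory> section also covers everything beneath that directory.
        served = any(parent == d or parent.startswith(d + "/") for d in OPEN_SUBDIRS)
    if not served:
        return "denied"
    # ExecCGI and the handler are inherited wherever access is allowed.
    # mod_mime considers every extension of a name, not only the last one.
    return "cgi" if CGI_SUFFIX in path.suffixes else "static"


def audit(paths, entry_points):
    """List files that would run as CGI but are not intended entry points."""
    return sorted(p for p in paths
                  if classify(p) == "cgi" and p not in entry_points)


# Constructed file listing (hypothetical names, not taken from the project).
SAMPLE_TREE = [
    "login.pl", "configure.pl", "ledger-smb.conf", "favicon.ico",
    "css/custom.css", "templates/invoice.html", "templates/helper.pl",
    "doc/LedgerSMB-manual.pdf", "bin/internal.pl", "locale/en/all",
]
ENTRY_POINTS = {"login.pl"}  # assumption: the only script meant to be reachable

if __name__ == "__main__":
    for finding in audit(SAMPLE_TREE, ENTRY_POINTS):
        print("runs as CGI but is not an entry point:", finding)
```

With a dedicated cgi-bin directory the same audit reduces to checking that nothing outside that one directory is classified as cgi.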