Re: Debian packages and Bruce Hohl Install

["Chris Travers" <..hidden..>]

Mads,

Agreed on the general ideas.

The only issue at the moment is that I think it would require a lot of
rewriting of a lot of code (introducing more errors and delays when we
are looking at re-engineering anyway).  I think that the way to go
about this is to come up with an idea of where we want to go and then
re-engineer either in place or in parallel to make that possible.

Best Wishes,
Chris Travers

On 12/13/06, Mads Kiilerich <..hidden..> wrote:
> Chris Travers wrote, On 12/13/2006 10:51 PM:
> > I favor the idea of a post-install configure script.  Obviously we
> > don't want it in the web directory :-)
> >
>
> Now you mention it: Couldn't/shouldn't all CGI entry points be moved to
> a cgi-bin folder and apache be configured to execute cgi in that folder
> only? I consider it very unsafe to put scripts not intended to be cgi
> scripts (or even worse: Writable folders) in cgi-enabled folders. As it
> is now Apache access control has to do a dirty and
> too-risky-to-be-trusted job! It is not obvious to me that no dangerous
> scripts can be executed through cgi.
>
> IMHO ;-)
>
> /Mads
>
> ps: I have been playing around with something like the following.
> Instead of taking a "give access and make exceptions" approach I try to
> give exactly the needed access. But it gets quite complicated and
> obvious that reorganizing the directory structure would be simpler (and
> thus less error-prone).
>
> # Mapping from url to file system
> Alias /ledger-smb/css xxx/css
> Alias /ledger-smb/templates xxx/templates
> Alias /ledger-smb/doc/LedgerSMB-manual.pdf xxx/doc/LedgerSMB-manual.pdf
> Alias /ledger-smb/locale xxx/locale
> Alias /ledger-smb xxx/
>
> # Access to htdocs/CGI dir
> <Directory xxx>
>   AddHandler cgi-script .pl
>   Options ExecCGI
>   Order Allow,Deny
>   Deny from All
>   <FilesMatch "^$|\.(png|ico|pl|html)$">
>     Order Deny,Allow
>     Allow from All
>   </FilesMatch>
> </Directory>
>
> # No automatic access to sub dirs of htdocs/CGI
> <Directory xxx/*>
>   <Files "*">
>     Order Allow,Deny
>     Deny from All
>   </Files>
> </Directory>
>
> # Access to splash
> <Directory xxx/doc/locale>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to manual
> <Directory xxx/doc>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to (customized) css
> <Directory xxx/css>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to (customzied) templates
> <Directory xxx/templates>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel