[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Templates storage

On Friday 13 April 2007, The Anarcat wrote:
> Now, I just quickly saw this discussion about templates storage, and I
> must say that I think they should remain on disk. 

 As you might have noticed in previous posts, I don't agree. I'll respond to 
your concerns below.

> That has many 
> advantages, the first being that they can be edited with a regular
> editor, through FTP/SSH transfers,

This requires setting up ftp and/or shell accounts, which is actually more 
complex than using the web interface.

> instead of being edited through a 
> complex web interface.

 There's no reason that they have to be edited via a complex web interface. We 
just use a web interface to download/upload templates. That's all, and that's 
very simple.

> Second, it can also be useful to keep people from 
> editing the templates, by simply making the templates chmod a-w. 

Again, making a more complex install. I'd rather users simply use a web 
interface to interact with the software. Many people are afraid of shell and 
command line. Also, requiring people use shell often is more of a security 
risk, as they can do many things that are not in our control (typo in the 
chmod, delete files by accident, etc.).

> Third,  I think that it is perfectly possible to have a secure way of 
> storing and editing those files from the web, if the permissions are set 
> right.

 Why spend time trying to figure something out that is clearly a higher 
security risk (web app writing to the file system), when we can write to the 
DB instead and have no additional risk?

> Finally, I think it's easier to integrate with other tools (like latex
> for example) if the files are actually on disk.

Not necessarily true.

> Then again, I know only so much about the LedgerSMB internals and assume
> much, but I feel that templates belong on disk. I don't like having big
> blobs in a database... Furthermore, templates often incorporate images,
> are you going to put those in the database too?

 Yes. User supplied material is data. Data goes into the database.