On 10/2/07, David Tangye <..hidden..> wrote:
On 10/3/07, Chris Travers <..hidden..> wrote:
Perhaps more effort needs to made with the LSMB installer. I still am not running it because it does not install on a standard ubuntu desktop box.
Agreed, at least as far as Windows goes. But consider Ubuntu. Do you *really* want us writing global options to your Apache configuration file, possibly ovewriting SSL options, etc? I think the case can be made that on Linux, the responsibiloity for setting up the servers beyond some basic settings, should be the responsibility of the administrator.
1. Which global options are you referring to? Any that can't be contained in an application-config file in APACHE_DIR/conf.d/...?
If we want to be truly secure we should require SSL on all connections.
Note that SSL is negotiated prior to the receipt of HTTP headers by the server. This means that you can only have one SSL certificate for a given IP address/port combination. If someone already has an SSL certificate (especially if it is issued by a real certificate authority) and we add another one (which will be generic and only stop-gap until they generate another), they are going to be at least somewhat unhappy.
2. Ubuntu and many linux distros are focussed on being useable by individuals who would not be considered 'administrators', eg home users and small businesses, eg that currently run Windows. The software has to install itself and take care of itself. If it cant, "it doesn't work" and it gets chucked out again. Are you interested in catering for these users?
If this is a single user machine and you are only going to access the application locally, then the above problem can be resolved by simply requiring that all connections come from localhost by default (which may not be a bad option). The SSL issue is not a major one.
However, if you want to access it over the network, this is going to be a more interesting process, and something which is likely to require some basic skill or assistance to do properly for at least the foreseable future.
I suppose one could walk people through a configuration wizard which includes questions like "do you have an X.509 certificate?" but I think the users you are thinking of would be more rather than less confused by this.
Best Wishes,
Chris Travers