Mads,

Agreed on the general ideas.

The only issue at the moment is that I think it would require a lot of rewriting of a lot of code (introducing more errors and delays when we are looking at re-engineering anyway). I think that the way to go about this is to come up with an idea of where we want to go and then re-engineer either in place or in parallel to make that possible.

Best Wishes,
Chris Travers

On 12/13/06, Mads Kiilerich <[EMAIL PROTECTED]> wrote:
> Chris Travers wrote, On 12/13/2006 10:51 PM:
> > I favor the idea of a post-install configure script. Obviously we
> > don't want it in the web directory :-)
> >
>
> Now you mention it: Couldn't/shouldn't all CGI entry points be moved to
> a cgi-bin folder and apache be configured to execute cgi in that folder
> only? I consider it very unsafe to put scripts not intended to be cgi
> scripts (or even worse: Writable folders) in cgi-enabled folders. As it
> is now Apache access control has to do a dirty and
> too-risky-to-be-trusted job! It is not obvious to me that no dangerous
> scripts can be executed through cgi.
>
> IMHO ;-)
>
> /Mads
>
> ps: I have been playing around with something like the following.
> Instead of taking a "give access and make exceptions" approach I try to
> give exactly the needed access. But it gets quite complicated and
> obvious that reorganizing the directory structure would be simpler (and
> thus less error-prone).
>
> # Mapping from url to file system
> Alias /ledger-smb/css xxx/css
> Alias /ledger-smb/templates xxx/templates
> Alias /ledger-smb/doc/LedgerSMB-manual.pdf xxx/doc/LedgerSMB-manual.pdf
> Alias /ledger-smb/locale xxx/locale
> Alias /ledger-smb xxx/
>
> # Access to htdocs/CGI dir
> <Directory xxx>
>   AddHandler cgi-script .pl
>   Options ExecCGI
>   Order Allow,Deny
>   Deny from All
>   <FilesMatch "^$|\.(png|ico|pl|html)$">
>     Order Deny,Allow
>     Allow from All
>   </FilesMatch>
> </Directory>
>
> # No automatic access to sub dirs of htdocs/CGI
> <Directory xxx/*>
>   <Files "*">
>     Order Allow,Deny
>     Deny from All
>   </Files>
> </Directory>
>
> # Access to splash
> <Directory xxx/doc/locale>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to manual
> <Directory xxx/doc>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to (customized) css
> <Directory xxx/css>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> # Access to (customized) templates
> <Directory xxx/templates>
>   <Files "*">
>     Order Deny,Allow
>     Allow from All
>   </Files>
> </Directory>
>
> _______________________________________________
> Ledger-smb-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
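An added example, not part of the original thread or of LedgerSMB: a small Python audit for the two risks named in the quoted message, scripts not meant as CGI entry points and writable folders inside CGI-enabled directories, run against a flat layout and a cgi-bin layout. The sample trees, the names `app.pl`, `lib/helper.pl` and `spool`, and the use of group/other write bits as a stand-in for "writable by the web server" are assumptions.

```python
import os
import stat
import tempfile

def audit_cgi_tree(root, cgi_enabled, entry_points, handler_exts=(".pl",)):
    """Return sorted (kind, relative_path) findings for the tree under root.

    cgi_enabled  -- directories (relative to root) where Apache runs CGI
    entry_points -- relative paths of the scripts meant to be called by URL
    """
    findings = []
    for rel_dir in cgi_enabled:
        top = os.path.normpath(os.path.join(root, rel_dir))
        for dirpath, _dirs, filenames in os.walk(top):
            rel = os.path.relpath(dirpath, root)
            # Assumption: group/other write bits stand in for
            # "writable by the web server user".
            if os.stat(dirpath).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(("writable-dir", rel))
            for name in filenames:
                path = os.path.normpath(os.path.join(rel, name))
                if name.endswith(handler_exts) and path not in entry_points:
                    findings.append(("unintended-script", path))
    return sorted(findings)

def build_tree(root, layout):
    """Create a constructed sample tree: {relative_path: dir_mode or None}."""
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        if mode is None:            # regular file
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        else:                       # directory with an explicit mode
            os.makedirs(full, exist_ok=True)
            os.chmod(full, mode)

# Constructed layouts, not the real LedgerSMB tree.
FLAT = {"lib": 0o755, "spool": 0o777, "app.pl": None, "lib/helper.pl": None}
SPLIT = {"cgi-bin": 0o755, "lib": 0o755, "spool": 0o777,
         "cgi-bin/app.pl": None, "lib/helper.pl": None}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as flat, \
         tempfile.TemporaryDirectory() as split:
        build_tree(flat, FLAT)
        build_tree(split, SPLIT)
        # Flat layout: the .pl handler covers the whole tree.
        print(audit_cgi_tree(flat, ["."], {"app.pl"}))
        # cgi-bin layout: only cgi-bin is CGI-enabled.
        print(audit_cgi_tree(split, ["cgi-bin"], {"cgi-bin/app.pl"}))
```

With the flat layout the audit reports the helper script and the writable spool directory; with CGI confined to cgi-bin the same files produce no findings.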
