Hi Lee; > > > We can load all the default templates into the db. It would be > > trivial to do that. > > Yes, but also not much use, IMO. It's about the same thing as storing > images as BLOB fields in a database as opposed to just dropping the images > into a directory as a jpg file and linking to it.
There are some differences though. In general, if I put something that the web server needs *write* access on the filesystem, then I have to assume that it could be compromised, either by a bug in our software, or by a bug in other software running on the same web server. If we put it in the db, then the web server itself only has permission to access the file based on the credentials of the currently logged in user. I suspect that there may be some serious security gains if we can get to the point where the main application doesn't need write access to the filesystem at all. I don't actually think that all templates need to go in the db, just the user editable ones. One way or another, we have to have strong enforcement for HTML templates and these need to be sufficiently strong to prevent other web applications in the same server from being able to write to those files. The filesystem really isn't designed to do this, unfortunately. > > This would also not be a 'good thing' for performance if there are already > conerns over lsmb performance and the use of mod_perl. Well, right now, the major performance concerns are in page load. This can be an issue if you have to worry about the responsiveness of an application for each line of a 100-line invoice you add. On the other hand, waiting an extra half-second for the template isn't the same sort of workflow bottleneck. > > As well, In a web environment, the field data would have to be pulled out, > saved as a file and then linked to in any case. Same thing for TeX. Ugly. > > >> Another thing could be ancilliary files - eg, for my consulting biz I have > >> a > >> pdf file that I use as a watermark on my invoices, and our retail biz uses > >> png and eps files that we have our logo in - would those then be stored in > >> the db somehow, or will we always end up with some "stragglers" out on the > >> filesystem? > > > Good question. I don't know if that has been looked at. See? Peer > > review is good... > > Another reason to stick with files. Uniformity. > I am more worried about being able to exploit loadable templates in this way. I think restricting access in the db and sanatizing the template before it is saved (and the input before it is rendered) is likely to be the easiest and most robust way to prevent arbitrary malicious users from breaking into the application. But I am open to other suggestions. Best Wishes, Chris Travers ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Ledger-smb-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
