On 10/2/07, David Tangye <[EMAIL PROTECTED]> wrote:
>
> On 10/3/07, Chris Travers <[EMAIL PROTECTED]> wrote:
> >
> > Perhaps more effort needs to made with the LSMB installer. I still am
> > > not running it because it does not install on a standard ubuntu desktop
> > > box.
> > >
> >
> > Agreed, at least as far as Windows goes. But consider Ubuntu. Do you
> > *really* want us writing global options to your Apache configuration file,
> > possibly ovewriting SSL options, etc? I think the case can be made that on
> > Linux, the responsibiloity for setting up the servers beyond some basic
> > settings, should be the responsibility of the administrator.
> >
>
> 1. Which global options are you referring to? Any that can't be contained
> in an application-config file in APACHE_DIR/conf.d/...?
If we want to be truly secure we should require SSL on all connections.
Note that SSL is negotiated prior to the receipt of HTTP headers by the
server. This means that you can only have one SSL certificate for a given
IP address/port combination. If someone already has an SSL certificate
(especially if it is issued by a real certificate authority) and we add
another one (which will be generic and only stop-gap until they generate
another), they are going to be at least somewhat unhappy.
> 2. Ubuntu and many linux distros are focussed on being useable by
> individuals who would not be considered 'administrators', eg home users and
> small businesses, eg that currently run Windows. The software has to install
> itself and take care of itself. If it cant, "it doesn't work" and it gets
> chucked out again. Are you interested in catering for these users?
If this is a single user machine and you are only going to access the
application locally, then the above problem can be resolved by simply
requiring that all connections come from localhost by default (which may not
be a bad option). The SSL issue is not a major one.
However, if you want to access it over the network, this is going to be a
more interesting process, and something which is likely to require some
basic skill or assistance to do properly for at least the foreseable future.
I suppose one could walk people through a configuration wizard which
includes questions like "do you have an X.509 certificate?" but I think the
users you are thinking of would be more rather than less confused by this.
Best Wishes,
Chris Travers
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel