On 10/3/07, Joshua D. Drake <[EMAIL PROTECTED]> wrote:
> We are making this far more complicated than it needs to be. Let's just
> make it so ssl is part of the ledgersmb requirements and include the
> docs to handle that. We can even include a simple wizard that will
> create the postgresql ssl stuff.

Apache/PostgreSQL authentication can still be done via any auth method. SSL
would be nice for this leg but it is not where the issue is (which is
between the browser and Apache).

So I think we definitely should recommend the use of SSL on that leg, but I
am not convinced we can't trust administrators to make intelligent choices
here.

> Further, we should make it part of the requirements that a user use
> https to talk to lsmb as well.

Agreed that this should be a documented requirement for any access over the
network.

One thing we *can* do is change the default configuration to only accept
connections to the app on the Apache side from Localhost. This way they
have to knowingly change it. It is similar to the approach PostgreSQL
takes. You want to run this over a network? You have to explicitly enable
it.

That is a simple change and would go a long way to balancing security and
newbie installability.

Best Wishes,
Chris Travers
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
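
The localhost-only default proposed in the message above could look like this in Apache 2.4 syntax. This is an added illustration, not LedgerSMB's shipped configuration; the directory path and the 192.0.2.0/24 network are placeholders.

```apache
# Added example. "/path/to/ledgersmb" is a placeholder for the install
# directory; 192.0.2.0/24 is a documentation network, not a real site.

# Permissive form: any client that can reach Apache can reach the app.
# <Directory "/path/to/ledgersmb">
#     Require all granted
# </Directory>

# Localhost-only default (mod_authz_host). Requests from any other
# address are refused until an administrator edits this block, which is
# the same opt-in model as PostgreSQL's default
# listen_addresses = 'localhost' in postgresql.conf.
<Directory "/path/to/ledgersmb">
    Require local
</Directory>

# Deliberate opt-in to network access, restricted to one network and to
# https only (SSLRequireSSL is provided by mod_ssl and rejects plain
# http requests for this directory).
# <Directory "/path/to/ledgersmb">
#     SSLRequireSSL
#     Require ip 192.0.2.0/24
# </Directory>
```

With the middle block active, a request to the application from another host should return 403 while one from the server itself succeeds, which is a quick check that the default is in force.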