Sorry about the delay in replying. I've changed the subject line to better reflect what I'm trying to achieve.
In summary, I want to be able to run Mifos on a standard Debian stable system, without any custom installation of standard, packaged, software such as Tomcat. It just seems wrong to me to bend the OS environment to fit the application rather than designing and implementing the application to work with a standard OS installation. This is a precursor to yet another half-started project; production of a Debian package to install on a Debian or Ubuntu server I have just finished building a brand new Debian lenny OpenVZ VE (Virtual Environment) as a production Mifos web/application server (the database is on its own server, behind a firewall). The only slightly non-standard part was to install Tomcat 6 from the testing rather than stable release by configuring apt. I've used Sun JRE rather than JDK, there are no development tools such as Maven, etc. By putting local.properties and applicationConfiguration.custom.properties in ~tomcat6/.mifos the whole thing runs with the standard script in /etc/init.d. This is a breakthrough for me, as I can't set environment variables with the way that Debian launches Tomcat. I'd still prefer to see these files in /etc/mifos, but I can live with this. If anyone wants to see a copy of my work log, feel free to ask. To do: - use HTTPS instead of HTTP. No production financial system should ever send personal and financial information over the Internet unencrypted. - tune Tomcat security to something less than java.security.AllPermission. - discover the necessary and sufficient MySQL database permissions to run Mifos. GRANT ALL seems too much for a production system. Something like CREATE TEMPORARY TABLES, DELETE, INSERT, LOCK TABLES, SELECT, UPDATE? Certainly some of the more serious operations like DROP shouldn't be allowed by default. Perhaps an admin user with greater rights should be required to perform schema updates? Bear in mind that my perspective is a production system, where security should be tight, not a development system where security may be seen to inhibit productivity and creativity! :-) Regards Graeme ------------------------------------------------------------------------------ _______________________________________________ Mifos-users mailing list Mifos-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mifos-users
