Re: [pws] Cool enhancement to Comanche: From Squeak list

Wed, 03 Oct 2001 06:54:48 -0700 

I tried to setup an active swiki by doing:

ActiveSwikiAction setUp: 'myactiveswiki'

...where myactiveswiki was the path 'c:\ComSwiki\swiki\active', but I got an
error complaining that I didn't use a fully qualified path (yes, I did make sure
that I had created the directory first). I tried several variations on the above
path...still no go.  I tried on my linux machine, using the path
'/usr/local/ComSwiki/swiki/active', but still I got the same error. Any
suggestions?

Thank you.

John

BTW: thanks to all who offered Apache conf examples on reverse-proxing/virtual
hosting. Someone (maybe I will) should paste those into the swiki swiki FAQ.


----- Original Message -----
From: "Mark Guzdial" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 02, 2001 12:38 PM
Subject: [pws] Cool enhancement to Comanche: From Squeak list


> >Delivered-To: [EMAIL PROTECTED]
> >X-Sender: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >From: [EMAIL PROTECTED] (Kouji takahashi)
> >Subject: Re: [Q][Security] in web based squeaking?
> >Sender: [EMAIL PROTECTED]
> >X-BeenThere: [EMAIL PROTECTED]
> >X-Mailman-Version: 2.0
> >Reply-To: [EMAIL PROTECTED]
> >List-Help:
<mailto:[EMAIL PROTECTED]?subject=help>
> >List-Post: <mailto:[EMAIL PROTECTED]>
> >List-Subscribe: <http://lists.squeakfoundation.org/listinfo/squeak-dev>,
> >
> > <mailto:[EMAIL PROTECTED]?subject=subscri
> >be>
> >List-Id: The general-purpose Squeak developers list
> ><squeak-dev.lists.squeakfoundation.org>
> >List-Unsubscribe: <http://lists.squeakfoundation.org/listinfo/squeak-dev>,
> >
> > <mailto:[EMAIL PROTECTED]?subject=unsubsc
> >ribe>
> >List-Archive: <http://lists.squeakfoundation.org/pipermail/squeak-dev/>
> >Date: Tue, 2 Oct 2001 17:53:56 +0900
> >
> > Hi. I'm grad to hear your attempt.
> >
> > I'm using an intranet swiki which can contain squeak code between
> >'<?' and '?>' tag.
> >I simply put Mark Guzdial's ActiveSwikiAction into current swiki framework.
> >
> > Main application of my swiki is accessing our custmers database.
> >Each person can have own swiki pages containing specific query and formats.
> >It's very conveient to make small changes only with browsers eveywhere.
> >
> > ActiveSwikiAction searches danger keywords such as #('Smalltalk'
> >'view' 'open' 'perform:' 'FileStream' 'FileDirectory' 'fileIn'
> >'Compiler' 'halt' 'PWS' 'Swiki') and prevents execution.I think this
> >is not enough, but perfect protection is very hard.
> >
> > My strategy is make 'parts pages' which controled by secure
> >person(password protected), and permits others to only call(?)
> >'parts pages' and forget about security issue.
> > Adding 'page inlining' function make it easy to pile multiple 'parts pages'.
> >
> >------------- Page inlining example. This page shows results of 2
> >'parts pages'.
> >!Tako's today's schedule.
> >
> > **dateAndTimeNow**
> > **todaysSchedule?person=Tako**
> >---------------------------
> >'dateAndTimeNow" and 'todaysSchedule' are 'parts pages'.
> >
> > I did not implement '**todaysSchedule?person=Tako**' part, inluding
> >get fields to link needs some tweak.
> >
> > For me, debugging is the main problem. ActiveSwikiAction do not
> >give any debugging support.
> >Without Squeak environment, debugging is nightmare.
> >
> > Sorry for my poor English.
> >
> >bye.
> >
> >
> >At 18:39 01.9.27, Torge Husfeldt wrote:
> > > Hi there,
> > >
> > > A while ago I heard of the (theoretical) ability of swikis to support
> > > real smalltalk scripting inside the edited pages.
> > > Is this secure?
> > > Is there any swiki active that makes use of this feature?
> > >         (if not the first than most probably not the second ;-)
> > > Is anybody interested in developmentor actively developing in this
> > > direction?
> > >
> > > On the other hand what about security in the Squeak browser plugin? I
> > > gather it is very safe against malicious code but only by being very
> > > restrictive - is this still true? If so, I'd like to improve it to give
> > > the user the choice between restrictiveness and power/security and
> > > insecurity.
> > >
> > > I'd like to hear from every effort that has been made recently in this
> > > direction, any active projects or any thoughts you have on this topic.
> > > Looks like this is _the_ thing I will be working on for the next few
> > > months if it proves to be worth(not commercially though) it.
> > >
> > > Thanks in advance
> > > Torge
> > >
> > > P.S.: Even replys like "wrong list, post it there:..." welcome
> >
> >
> >-------------------------------
> >^. .^    Kouji Takahashi  <[EMAIL PROTECTED]>
> > ='=     Tel +81-3-3986-4834    Fax +81-3-5992-0792
>
> --------------------------
> Mark Guzdial : Georgia Tech : College of Computing : Atlanta, GA 30332-0280
> Associate Professor - Learning Sciences & Technologies.
> Collaborative Software Lab - http://coweb.cc.gatech.edu/csl/
> (404) 894-5618 : Fax (404) 894-0673 : [EMAIL PROTECTED]
> http://www.cc.gatech.edu/gvu/people/Faculty/Mark.Guzdial.html
>

Reply via email to