Re: [dl-ticket-service] Re: Issue with $dataDir

2010-10-14 Thread Yuri D'Elia
On Thu, 14 Oct 2010 13:44:17 +0200 ssc wrote: > Not working with: > // dsn: set the DSN of your database (read the installation manual) > $dsn = "sqlite:$dataDir/data.sdb"; > > > Notice: Undefined variable: dataDir in /var/www/dl/include/config.php on > line 48 Ok, now I understand what you m

Re: [dl-ticket-service] Re: request for comments: password protection

2010-10-14 Thread Yuri D'Elia
On Thu, 14 Oct 2010 13:34:29 +0200 ssc wrote: > But don't you think, that in most cases the administrator of dl will > also be the root or a privileged user on the webserver/system? In this > case he would always be able to get those uploaded files through system > access. In one of the cases

[dl-ticket-service] Re: Issue with $dataDir

2010-10-14 Thread ssc
Not working with: // dsn: set the DSN of your database (read the installation manual) $dsn = "sqlite:$dataDir/data.sdb"; Notice: Undefined variable: dataDir in /var/www/dl/include/config.php on line 48 Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [14] unable t

[dl-ticket-service] Re: request for comments: password protection

2010-10-14 Thread ssc
My initial idea was that if one user creates a ticket which is password-protected, no password is ever shown or stored, and an administrator won't be automatically able to download it. You can remove it, maybe rename it, but that's it. But don't you think, that in most cases the administrator of

Re: [dl-ticket-service] Issue with $dataDir

2010-10-14 Thread Yuri D'Elia
On Thu, 14 Oct 2010 12:36:26 +0200 ssc wrote: > Hello, > > I've encountered an issue with the variable $dataDir in config.php > ($dsn). Whatever I do, there's no chance to resolve this variable. > > dl runs on Debian 5 with Apache2, PHP5 and SQLITE3. I get the same error > in two different en

Re: [dl-ticket-service] Re: request for comments: password protection

2010-10-14 Thread Yuri D'Elia
On Thu, 14 Oct 2010 12:34:29 +0200 ssc wrote: > What's the problem with storing the download password in clear text? I > can't see any security reason for this. This is just the download and > every admin should be able to re-read the password. My initial idea was that if one user creates a ti

[dl-ticket-service] Re: Issue with $dataDir

2010-10-14 Thread ssc
Sorry, I've forgotten the version number. I'm using 0.8.

[dl-ticket-service] Issue with $dataDir

2010-10-14 Thread ssc
Hello, I've encountered an issue with the variable $dataDir in config.php ($dsn). Whatever I do, there's no chance to resolve this variable. dl runs on Debian 5 with Apache2, PHP5 and SQLITE3. I get the same error in two different environments. The only way to solve this issue is to replace

[dl-ticket-service] Re: request for comments: password protection

2010-10-14 Thread ssc
Hi, > > I agree the current behavior is sub-optimal. DL should either: > > > > 1# Never send clear-text passwords, or > > 2# Send it all the time (storing it in clear-text on the server). > > > > I personally think that #1 makes more sense (gives the password > > some more meaning), but I don't h