Re: I still love this web app.. but no developer activity!?
I don't get exactly what you intend to communicate in this mail, but converting phpshell to a different language would not be a good idea. I use phpshell for crappy webhosts that don't provide normal ssh access (or do it very poorly). These webhosts often have just php available and no other scripting languages. As far as I know just about all python/ruby webhosts also provide ssh, so just use that then. If you want to access a shell through a webbrowser where you can run your own programs, have a look at Shell in a Box. On Tue, Jun 12, 2012 at 5:31 PM, John Bessa john.be...@gmail.com wrote: Hi all, It is nice to have all this attention (all of a sudden) In fairness to Perl and Shell(s), they are very good in their contexts which is low level control of the OS. Perl was first to be a Web server, but that was 17 yrs ago, and 12 yrs ago it was basically killed by the tech crash of 2000, and also the terror event on Sept 11, 2001 at the World Trade Center, as influential NYC CPU community was meeting in those very buildings and thriving because of financial technology. The history of Perl is a long topic far beyond the scope of this group, but suffice to say it halted on a certain date with all its projects becoming sad shipwrecks on the beaches of the information sea. There were unquestionably maladaptive issues along (such as continual violent flaming sometimes manifested as physical threats) that may have added to its demise by allowing, well, mental illness to control the basic design. I actually heard Larry Walls say a certain concept should be inserted by saying it is sick. Telling indeed! Having said that, I am planning to deconstruct the Oddmuse wiki, which is written in perl, to created a tool for collaborative creation to understand its structure. SInce mobwrite is the collaboration vehicle of choice (used and tested by Google Docs which has suddenly become useless because of Ajax problems) then the suggestion for using Python seems appropriate because the server is written in Python. As is, the document state control in Mobwrite is separate from the saving features when it is implemented with, say, a wiki. So perhaps the underlying toolset of this PHP shell should be converted to Python so that it can be implemented into bigger systems. Or perhaps PHP be organized to give it the benefits of Python and mobwrite binaries inserted into a PHP. Thus one gets the two necessary features of web expression: textual creation and system control. Within this needs to be a development system (so that the user can actually control his technological destiny) that actually wraps the two. As is you barely get either, and nothing combines them. Pretty sad after about a 1/4 century of Internet, wouldn't you say? Regards, John -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ phpshell-devel mailing list phpshell-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpshell-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ phpshell-devel mailing list phpshell-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpshell-devel
Re: I still love this web app.. but no developer activity!?
Thanks!
I'll have a look at what the admin side of sourceforge brings.
Regarding password storage, the problem is that /password/ hashing should
be (relatively) slow, to prevent brute force searches on ever faster
hardware. I want to use phpass http://www.openwall.com/phpass/ for that,
which is also used by Drupal, Wordpress, phpBB and other projects. It
supports even php version 3, using stronger hashes when available. See
thishttp://www.openwall.com/articles/PHP-Users-Passwordsfor more
explanation.
I also intend to keep everything php4 compatible, when I first started
using phpshell I also needed that.
On Wed, Jun 13, 2012 at 9:20 PM, Wolfgang Dautermann
da...@oeh.tu-graz.ac.at wrote:
Am 13.06.2012 09:46, schrieb Jan Kanis:
Hi Wolfgang,
SVN access would be easiest for me.
Hi Jan!
You are now a member of the project with SVN access.
Welcome to the team.
I currently just intend to add the changes I already made to the
official repo and I'll probably add a better password hashing since
just SHA is not considered secure anymore for password storage.
Hm. Concerning password hashing - I believe sha1() *with salt* should be
okay. There is no (native) sha2() function in PHP - yes you have the
hash()-function, but there are recent PHP versions (= 5.1.2) required.
And I think a self-coded sha2()-function (in PHP) might be more insecure
than (salted) sha1().
Even for the move from md5() to sha1() I checked, if sha1() is
available, because it is only present in PHP = 4.3.0:
if ( function_exists('sha1') ) {
$fkt = 'sha1' ;
} else {
$fkt = 'md5' ;
} ;
Would be fine, if phpshell works even with older PHP versions (because
that is my use-case. I need it sometimes on a server with PHP 4.3.1 (no,
I am not the admin there...), to remove some files created by apache, ...)
Best regards from Austria,
Wolfgang
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
phpshell-devel mailing list
phpshell-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpshell-devel
Re: I still love this web app.. but no developer activity!?
Hi all, It is nice to have all this attention (all of a sudden) In fairness to Perl and Shell(s), they are very good in their contexts which is low level control of the OS. Perl was first to be a Web server, but that was 17 yrs ago, and 12 yrs ago it was basically killed by the tech crash of 2000, and also the terror event on Sept 11, 2001 at the World Trade Center, as influential NYC CPU community was meeting in those very buildings and thriving because of financial technology. The history of Perl is a long topic far beyond the scope of this group, but suffice to say it halted on a certain date with all its projects becoming sad shipwrecks on the beaches of the information sea. There were unquestionably maladaptive issues along (such as continual violent flaming sometimes manifested as physical threats) that may have added to its demise by allowing, well, mental illness to control the basic design. I actually heard Larry Walls say a certain concept should be inserted by saying it is sick. Telling indeed! Having said that, I am planning to deconstruct the Oddmuse wiki, which is written in perl, to created a tool for collaborative creation to understand its structure. SInce mobwrite is the collaboration vehicle of choice (used and tested by Google Docs which has suddenly become useless because of Ajax problems) then the suggestion for using Python seems appropriate because the server is written in Python. As is, the document state control in Mobwrite is separate from the saving features when it is implemented with, say, a wiki. So perhaps the underlying toolset of this PHP shell should be converted to Python so that it can be implemented into bigger systems. Or perhaps PHP be organized to give it the benefits of Python and mobwrite binaries inserted into a PHP. Thus one gets the two necessary features of web expression: textual creation and system control. Within this needs to be a development system (so that the user can actually control his technological destiny) that actually wraps the two. As is you barely get either, and nothing combines them. Pretty sad after about a 1/4 century of Internet, wouldn't you say? Regards, John -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ phpshell-devel mailing list phpshell-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpshell-devel
