John Hampton wrote:
> Noah has already mentioned Alec's wonderful iniadmin plugin on > trac-hacks.org > > I'll also take this time to plug my own new siteupload[1] plugin on > trac-hacks.org. It will allow an administrator to upload files to the > htdocs directory of the trac environment, so one can then access them > via /chrome/site/. This allows an admin to upload a logo, etc, and then > use the iniadmin plugin to set the logo to the uploaded file. > I hear you, those plugins are great but again I'm at the hosting level, not the user level for iniadmin, if I wanted to use it I would need to patch it a lot, for exemple: no way to let the user choosing the db string like that, with a combobox using frozen different choices ok, but letting the user writing it, no no no, sorry not secure. idem for base_url and authz_file, those need to be locked imho. I'm not rejecting all Trac plugins, but I already went to hell for hosting that kind of stuff, till you're around 20 users, that's ok, if there is a problem you can still solve them case by case, but if the beast grow suddenly, your toasted, thousands of users messing with db paths, etc.. and then hiting support to ask "where the hell is my db ?" it can really be hell if you don't plan all that in paranoid mode :). Other concerns are users login/passwords, sure Trac can handle user access for Trac, but it is not made to handle email/ftp/etc. access and should not do those kind of tasks imho. And I'm not saying I want to build all from scratch, at the contrary I want to reuse existing solution as much as possible, but I really have to consider security at the host level, I'm lucky to be able to share some server resources to provide free hosting, but not at the cost of security. But I'm testing and planing, and if iniadmin or other plugins can help, even if they have to be patched, I will off course provide patch and documentations and explain the "why it has been patched like that". Hope to be understood here. zwetan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users -~----------~----~----~----~------~----~------~--~---
