Hi Ingo, All,
To clarify my thoughts and message.
Actually I was wrong when I said that "a feature was lost when common-theme was put in". The rest is right. This feature is the possibility, through the
image.server.path property in the catalog.properties file, to place the images, and the other static files as well, in a location that suits you for
any reason. Notably following the NSA recommendation to place it in "a non-web accessible area". This is to prevent webshell uploads and all kinds of
other malicious file uploads. The same is true for the other property, image.management.path.
So the fact that, before common-theme was put in (with the images folder at /themes/common/images/webapp/images/), this folder was
/framework/images/webapp/images/ has nothing to do with "a non-web accessible area". That's for you to decide...
There is also a ${tenantId} var used in image.server.path property that is used
in case of multi-tenant, that's another thing.
So in the end I don't think it's necessary to put the images and image.management
in runtime. This would add nothing. I'll remove the FIXMEs.
Jacques
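The point of the two properties above is that the directory the application writes uploaded images to must not be served by the web container. A small audit check for that, added here as an example and not part of OFBiz or of this thread: it parses a catalog.properties fragment, expands ${tenantId}-style variables, normalises the resulting path (so ".." segments cannot hide the real location) and reports which configured web roots the upload directory falls under. The property names image.server.path and image.management.path come from the thread; the sample property values, the variable values (${ofbiz.home}, ${tenantId}) and the list of web-accessible roots are constructed assumptions for the demonstration, not OFBiz defaults.

```python
import posixpath
import re
from typing import Dict, List, Tuple

# Constructed sample: an upload configuration written under the deployed web
# tree, i.e. web-accessible. These values are assumptions, not OFBiz defaults.
WEAK_PROPERTIES = """
# images land under a directory the web container serves
image.server.path=${ofbiz.home}/themes/common/webapp/images
image.management.path=${ofbiz.home}/themes/common/webapp/images/management
"""

# Constructed sample: the same properties pointing outside the OFBiz tree,
# with a per-tenant sub-directory, per the NSA "non-web accessible area" advice.
HARDENED_PROPERTIES = """
image.server.path=/srv/ofbiz-data/${tenantId}/images
image.management.path=/srv/ofbiz-data/${tenantId}/images/management
"""

# Assumed values for the variables used in the properties.
VARIABLES = {"ofbiz.home": "/opt/ofbiz", "tenantId": "default"}

# Assumed web-accessible roots (directories the container serves directly).
WEB_ROOTS = [
    "/opt/ofbiz/themes/common/webapp",
    "/opt/ofbiz/framework/images/webapp",
]

UPLOAD_KEYS: Tuple[str, ...] = ("image.server.path", "image.management.path")

_VAR = re.compile(r"\$\{([^}]+)\}")


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java-style .properties parser: key=value, '#'/'!' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        props[key.strip()] = value.strip()
    return props


def expand(value: str, variables: Dict[str, str]) -> str:
    """Substitute ${name} placeholders; an unknown name is a config error."""
    def repl(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"unresolved variable ${{{name}}}")
        return variables[name]
    return _VAR.sub(repl, value)


def is_under(path: str, root: str) -> bool:
    """True if path is root or inside it, after collapsing '.' and '..'.
    On a live system prefer os.path.realpath so symlinks are followed too."""
    p = posixpath.normpath(path)
    r = posixpath.normpath(root)
    return p == r or p.startswith(r + "/")


def web_accessible_paths(props_text: str, variables: Dict[str, str],
                         web_roots: List[str],
                         keys: Tuple[str, ...] = UPLOAD_KEYS) -> Dict[str, List[str]]:
    """Map each configured upload property to the web roots it resolves into.
    An empty list means the directory is outside every served tree."""
    props = parse_properties(props_text)
    findings: Dict[str, List[str]] = {}
    for key in keys:
        if key not in props:
            continue
        resolved = expand(props[key], variables)
        findings[key] = [root for root in web_roots if is_under(resolved, root)]
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        for key, roots in web_accessible_paths(text, VARIABLES, WEB_ROOTS).items():
            verdict = "WEB-ACCESSIBLE via " + ", ".join(roots) if roots else "ok"
            print(f"[{label}] {key}: {verdict}")
```

Run against the two fragments, the weak configuration is flagged for both properties and the hardened one is clean; a value such as /srv/ofbiz-data/../../opt/ofbiz/themes/common/webapp/images is also flagged, because the check normalises before comparing rather than trusting the literal prefix.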
On 07/02/2022 at 19:37, Ingo Wolfmayr wrote:
Hi Jacques,
Thanks for the fast response. I will do it exactly as you say.
Best regards
Ingo
-----Original Message-----
From: Jacques Le Roux<[email protected]>
Sent: Monday, 7 February 2022 19:21
To: [email protected]
Subject: Re: distTar
Hi Ingo,
You don't need to use
./gradlew "ofbiz start"
./gradlew ofbiz
is enough and does not generate zip/tar.
This said, I'm currently working on a feature that was lost when common-theme
was put in. Fortunately it was then documented by these FIXMEs:
#FIXME the image server path need to be moved on runtime
#FIXME the image management path need to be moved on runtime
The idea is to not have the images under OFBiz tree but in a specific location
unrelated to OFBiz.
I'm actually also working on this for security reasons. It's an NSA
recommendation*:
<<Officials explained that web applications should not be given permissions to
write directly to a web accessible directory or modify web accessible code.
“Attackers are unable to upload a web shell to a vulnerable application if the
web server blocks access to the web accessible directory,” according to the
guidance. “To preserve functionality, some web applications require
configuration changes to save uploads to a non-web accessible area.”>>
“To preserve functionality, some web applications require configuration changes
to save uploads to a non-web accessible area.” That's exactly what we lost with
common-theme. Fortunately it was documented and I stumbled upon it while
working on related security issues.
Having images, and static files at large, in a specific location can also help
to speed things up...
HTH
Jacques
*https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malware-vulnerabilities-mitigation
On 07/02/2022 at 17:56, Ingo Wolfmayr wrote:
Hi everybody,
I have a question about building ofbiz. In previous versions for example 17.12
I had the following process:
./gradlew build (build the project and see if everything is fine)
./gradlew "ofbiz start"
Now I am working with the current trunk and when I start ./gradlew build it starts
"disttar" and generates a .tar and a .zip. As I have lots of images in a project it uses
lots of disk space and time. Is my process wrong? Is there a "correct" way of how it should
be done?
Thanks for every hint.
Best regards,
Ingo