I note there was a release on 13 January this year so one would assume someone is working on it, however when you look at the bug tracker there are pages of unresolved reports (or are they fixed and just not updated). Equally the Wiki is quite out of data. Such a shame really.
I think I have found a bug in the security which allows anyone to view a ged file, even if they do not have permission. I've fixed it in my own setup but wonder if it is worth reporting - is the developer(s) actively reading this?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Dajuk
There are plenty of threads here about the whys and hows of the state of affairs with this project, but there are a couple of parties interested and working on bits an pieces and John Finlay is still working on the project, albeit with attention to a newer version. As to the reasons, you can read these yourself on a multitude of threads.
HOWEVER, there are those interested in squashing any security bug as evidenced by the recent release and previous postings and if you have a valid issue, I would suggest - rather than exposing it here - to write to one of the developers directly via their SF address and inquire/advise us of the problem so we can review.
If you are speaking of accessing the GEDCOM directly via a URL, this is not a security bug, but a known problem with some server configurations and the main reason that it is suggested that the INDEX (or renamed version thereof) folder be moved to a non-web-addressable location and to not depend strictly upon the included .htaccess file. Some ISP's do not properly configure their servers to use the .htaccess provided and thus do leave the GEDCOM downloadable by directly specifying the URL.
Maintaining the GEDCOM in the folder titled INDEX is not a requirement for successful operations of PGV and is probably not a good idea (hence the several suggestions to do otherwise). If your problem is not related to this issue, please write one of us immediately so it can be investigated. -Stephen
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Simple question really - Is PGV maintained?
I note there was a release on 13 January this year so one would assume someone is working on it, however when you look at the bug tracker there are pages of unresolved reports (or are they fixed and just not updated). Equally the Wiki is quite out of data. Such a shame really.
I think I have found a bug in the security which allows anyone to view a ged file, even if they do not have permission. I've fixed it in my own setup but wonder if it is worth reporting - is the developer(s) actively reading this?
Dajuk
There are plenty of threads here about the whys and hows of the state of affairs with this project, but there are a couple of parties interested and working on bits an pieces and John Finlay is still working on the project, albeit with attention to a newer version. As to the reasons, you can read these yourself on a multitude of threads.
HOWEVER, there are those interested in squashing any security bug as evidenced by the recent release and previous postings and if you have a valid issue, I would suggest - rather than exposing it here - to write to one of the developers directly via their SF address and inquire/advise us of the problem so we can review.
If you are speaking of accessing the GEDCOM directly via a URL, this is not a security bug, but a known problem with some server configurations and the main reason that it is suggested that the INDEX (or renamed version thereof) folder be moved to a non-web-addressable location and to not depend strictly upon the included .htaccess file. Some ISP's do not properly configure their servers to use the .htaccess provided and thus do leave the GEDCOM downloadable by directly specifying the URL.
Maintaining the GEDCOM in the folder titled INDEX is not a requirement for successful operations of PGV and is probably not a good idea (hence the several suggestions to do otherwise). If your problem is not related to this issue, please write one of us immediately so it can be investigated.
-Stephen