Hi all!
Up to now, my PHPGV site is a private site. Users have to authenticate first through Windows authentication. Once in PHPGV, separate users are not used, so logging on to PHPGV is not needed. Now, I'm considering to give my users the enhanced functionality offered by the personalized portal of PHPGV. However, I don't want my users to log in twice. That would mean anonymous access to the site (Windows/IIS level) and authentication in PHPGV. And also anonymous access on the files on my site, which is not a problem, if access is limited to readonly. In the readme however, is stated that users need read/write access to some files and dirs.
Now my question: In the MySQL-version, what are the minimal rights for ordinary users? In other words, do they need any write-access to files/dirs?
Thnx
Boudewijn.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the MySQL version, once you have setup and configured PhpGedView, you can turn off the write permissions on the files and everything should run without any problems.
In the Index version you will still need to have write permissions on the ./index directory and the authenticate.php file so that PhpGedView can store the user specific settings. The users themselves don't modify the files, but the program will for them. Permissions usually aren't a problem on windows based systems.
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
John, that sounds pretty secure. I have tested it in the meanwhile, by setting all files to readonly. Without logging on to PHPGedview, all functions seem to work properly.
When I try to login, problems seem to occur. I get the following errors:
Warning: fopen(./index//pgv-20031121.log): failed to open stream: Permission denied in F:\Data\GedView2.61b1\authentication_mysql.php on line 353
Warning: flock(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 354
Warning: fputs(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 355
Warning: flock(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 356
Warning: fclose(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 357
Warning: Cannot modify header information - headers already sent by (output started at F:\Data\GedView2.61b1\authentication_mysql.php:353) in F:\Data\GedView2.61b1\login.php on line 41
I suppose the system tries to write something to the logfile in ./index? That means that the "anonymous access user" has to have write access there?
Boudewijn.
Boudewijn
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The logs track who logs in, and what they do while they are logged in. So if you want the logs, you will need to enable write access on the indi directory. If you don't want logs, you can disable them by removing the AddToLog function in the authentication_mysql.php file.
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thnx for your reply.
I like to see what's going on, so I appreciate the log-fuction. That means I have to give create and write permissions in the directory. No real problem, because it neither affects the data nor the program-files.
Regards,
Boudewijn.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all!
Up to now, my PHPGV site is a private site. Users have to authenticate first through Windows authentication. Once in PHPGV, separate users are not used, so logging on to PHPGV is not needed. Now, I'm considering to give my users the enhanced functionality offered by the personalized portal of PHPGV. However, I don't want my users to log in twice. That would mean anonymous access to the site (Windows/IIS level) and authentication in PHPGV. And also anonymous access on the files on my site, which is not a problem, if access is limited to readonly. In the readme however, is stated that users need read/write access to some files and dirs.
Now my question: In the MySQL-version, what are the minimal rights for ordinary users? In other words, do they need any write-access to files/dirs?
Thnx
Boudewijn.
In the MySQL version, once you have setup and configured PhpGedView, you can turn off the write permissions on the files and everything should run without any problems.
In the Index version you will still need to have write permissions on the ./index directory and the authenticate.php file so that PhpGedView can store the user specific settings. The users themselves don't modify the files, but the program will for them. Permissions usually aren't a problem on windows based systems.
--John
John, that sounds pretty secure. I have tested it in the meanwhile, by setting all files to readonly. Without logging on to PHPGedview, all functions seem to work properly.
When I try to login, problems seem to occur. I get the following errors:
Warning: fopen(./index//pgv-20031121.log): failed to open stream: Permission denied in F:\Data\GedView2.61b1\authentication_mysql.php on line 353
Warning: flock(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 354
Warning: fputs(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 355
Warning: flock(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 356
Warning: fclose(): supplied argument is not a valid stream resource in F:\Data\GedView2.61b1\authentication_mysql.php on line 357
Warning: Cannot modify header information - headers already sent by (output started at F:\Data\GedView2.61b1\authentication_mysql.php:353) in F:\Data\GedView2.61b1\login.php on line 41
I suppose the system tries to write something to the logfile in ./index? That means that the "anonymous access user" has to have write access there?
Boudewijn.
Boudewijn
I forgot about the logs.
The logs track who logs in, and what they do while they are logged in. So if you want the logs, you will need to enable write access on the indi directory. If you don't want logs, you can disable them by removing the AddToLog function in the authentication_mysql.php file.
--John
John,
Thnx for your reply.
I like to see what's going on, so I appreciate the log-fuction. That means I have to give create and write permissions in the directory. No real problem, because it neither affects the data nor the program-files.
Regards,
Boudewijn.