[phpSecureSite-devel] RE: Vaporware
Status: Alpha
Brought to you by:
egrinake
Menu
▾
▴
[phpSecureSite-devel] RE: Vaporware
|
From: Erik G. <er...@ch...> - 2002-01-01 20:07:13
|
On Mon, 2001-12-31 at 15:29, Woolhiser, Eric wrote: > I've got some real life grungy things to do today ...like resurrect a sys= tem > that bluescreens while booting... I've read your note on GPL. I use GPL f= or > midwatch.org and the last time I read it, it allows you to use the open > source code anyway you like, but it does not allow redistribution of the > code unless you open all of your code that you mixed in with the open sou= rce > code you got. Yeah, that's how I thought it worked. I'll just give it a quick look though, just to be sure... > Thus a e-commerce company could use your code as part of thier website, a= nd > keep the whole website closed as long as they didn't distribute the site. Perfect! > I see by your quote of Antoine de Saint-Exup=E9ry, that you very likely h= ave > read Eric Raymond. It's helpful to speak the same language. ;) Hehe, sure have. I guess we have a pretty equal perspective on things at least, which is nice :) > Picture the Webmaster who is a little code savy, wants PHP dynamic conten= t, > but is renting space on some websever where he doesn't have total admin > control over the server. >=20 > It may be that PHPSecureSite will be a quick and easy way for him to buil= d a > website that would track users and allow logins and stuff. Can we constru= ct > a system were such a webmaster could make use of PHPSecureSite while only > having limited admin control? Assume that the webmaster has been granted > full access to at least one MySQL database on the server. Yep, this is also the kind of scenario I'm designing the project for. Large companies etc building a secure wep-app probably have developers who are more than capable of handling the task themselves. What I'd like phpSecureSite to be is a quick and easy way for your average Joe Q. Webmaster to add *secure* authentication and session-handling to their webapp. Although I've seen all too many "professionally" made webapps with a terrible, terrible, terrible security-scheme - which is why I don't use php's session() family of functions, and rely on a built-from-scratch session handling scheme, so that it can be easily integrated into more complex applications, and fine-tuned to perfection. As the system is today all you need is rw-access to the filesystem (via ftp or whatever) and full access to a mysql database. > Anyway, if you want to use the mail lists on source forge you should star= t > using them.=20 > While this message isn't really a release announcement, I am cc:ing it th= ere > because you don't have a developers mail list set up. Well, there is now; phpsecuresite-devel. This message is CC'ed there, and I suggest we conduct future discussions there. > (and BTW, there is no conspiracy) http://www.tuxedo.org/~esr/ecsl Haha, that is *so* cool :) Better sign up right away (and yes, I *will* get you your coolness-point for recruiting me :)). --=20 Erik Grinaker UNIX/Linux systems consultant Elan IT Resource - www.elanit.no "Perfection is acheived not when there is nothing more to add, but rather when there is nothing more to take away" - Antoine de Saint-Exup=E9ry |
