On Mon, 2001-12-31 at 15:29, Woolhiser, Eric wrote:
> I've got some real life grungy things to do today ...like resurrect a sys=
tem
> that bluescreens while booting... I've read your note on GPL. I use GPL f=
or
> midwatch.org and the last time I read it, it allows you to use the open
> source code anyway you like, but it does not allow redistribution of the
> code unless you open all of your code that you mixed in with the open sou=
rce
> code you got.
Yeah, that's how I thought it worked. I'll just give it a quick look
though, just to be sure...
> Thus a e-commerce company could use your code as part of thier website, a=
nd
> keep the whole website closed as long as they didn't distribute the site.
Perfect!
> I see by your quote of Antoine de Saint-Exup=E9ry, that you very likely h=
ave
> read Eric Raymond. It's helpful to speak the same language. ;)
Hehe, sure have. I guess we have a pretty equal perspective on things at
least, which is nice :)
> Picture the Webmaster who is a little code savy, wants PHP dynamic conten=
t,
> but is renting space on some websever where he doesn't have total admin
> control over the server.
>=20
> It may be that PHPSecureSite will be a quick and easy way for him to buil=
d a
> website that would track users and allow logins and stuff. Can we constru=
ct
> a system were such a webmaster could make use of PHPSecureSite while only
> having limited admin control? Assume that the webmaster has been granted
> full access to at least one MySQL database on the server.
Yep, this is also the kind of scenario I'm designing the project for.
Large companies etc building a secure wep-app probably have developers
who are more than capable of handling the task themselves. What I'd like
phpSecureSite to be is a quick and easy way for your average Joe Q.
Webmaster to add *secure* authentication and session-handling to their
webapp. Although I've seen all too many "professionally" made webapps
with a terrible, terrible, terrible security-scheme - which is why I
don't use php's session() family of functions, and rely on a
built-from-scratch session handling scheme, so that it can be easily
integrated into more complex applications, and fine-tuned to perfection.
As the system is today all you need is rw-access to the filesystem (via
ftp or whatever) and full access to a mysql database.
> Anyway, if you want to use the mail lists on source forge you should star=
t
> using them.=20
> While this message isn't really a release announcement, I am cc:ing it th=
ere
> because you don't have a developers mail list set up.
Well, there is now; phpsecuresite-devel. This message is CC'ed there,
and I suggest we conduct future discussions there.
> (and BTW, there is no conspiracy) http://www.tuxedo.org/~esr/ecsl
Haha, that is *so* cool :) Better sign up right away (and yes, I *will*
get you your coolness-point for recruiting me :)).
--=20
Erik Grinaker
UNIX/Linux systems consultant
Elan IT Resource - www.elanit.no
"Perfection is acheived not when there is nothing more to add, but
rather when there is nothing more to take away"
- Antoine de Saint-Exup=E9ry
|
