Menu
▾
▴
phpwiki-talk
|
From: Carsten K. <car...@ma...> - 2002-02-21 09:09:11
|
PHPWeather uses an excellent web-based config-file generator. With permission from Martin Geisler of course, I think it could be easily adapted to generate an index.php file for PhpWiki. There are security issues to generating a config file this way, but they can probably be overcome. The whole thing is completely self contained in one file. It makes the necessary backups, provides text output for cut and paste when the file couldn't be written, and allows for comments and instructions. Anyway take a look, it's pretty neat. http://cvs.sourceforge.net/cgi- bin/viewcvs.cgi/phpweather/phpweather/configurator.php Carsten |
|
From: Lawrence A. <la...@us...> - 2002-02-21 12:25:46
|
I have been thinking for some time about some sort of InstallScript - see my comments at the bottom of http://phpwiki.sourceforge.net/phpwiki/NewUserPreferences Although I don't think it is that hard to edit index.php manually, I think a script would make phpWiki even easier. It could even try to set up the relevant db tables, or report an error (and give instructions) if it could not do so. Security is a big problem however. The webserver user must have write access to index.php (obviously), and experience says that no matter how often or clearly you tell users to change the permissions after install (or to remove the install script completely), they often do not do so. Lawrence At 09:09 21/02/2002, Carsten Klapp wrote: >PHPWeather uses an excellent web-based config-file generator. With >permission from Martin Geisler of course, I think it could be easily >adapted to generate an index.php file for PhpWiki. > >There are security issues to generating a config file this way, but they >can probably be overcome. > >The whole thing is completely self contained in one file. It makes the >necessary backups, provides text output for cut and paste when the file >couldn't be written, and allows for comments and instructions. > >Anyway take a look, it's pretty neat. > >http://cvs.sourceforge.net/cgi- >bin/viewcvs.cgi/phpweather/phpweather/configurator.php > >Carsten > > >_______________________________________________ >Phpwiki-talk mailing list >Php...@li... >https://lists.sourceforge.net/lists/listinfo/phpwiki-talk |
|
From: Preston L. B. <pre...@co...> - 2002-02-21 13:59:02
|
You get partly get around the security issue by only responding to requests from a fixed IP (default as localhost). You also might want to "lock" the installation - perhaps by something as simple as creating a "locked" file - so that privileged access is required to "unlock" the installation and allow changes. This protects you from the install script being run unintentionally (or not). From: Lawrence Akka > I have been thinking for some time about some sort of InstallScript - see > my comments at the bottom of > http://phpwiki.sourceforge.net/phpwiki/NewUserPreferences > > Although I don't think it is that hard to edit index.php > manually, I think > a script would make phpWiki even easier. It could even try to set up the > relevant db tables, or report an error (and give instructions) if > it could > not do so. > > Security is a big problem however. The webserver user must have write > access to index.php (obviously), and experience says that no matter how > often or clearly you tell users to change the permissions after install > (or to remove the install script completely), they often do not do so. > At 09:09 21/02/2002, Carsten Klapp wrote: > > >PHPWeather uses an excellent web-based config-file generator. With > >permission from Martin Geisler of course, I think it could be easily > >adapted to generate an index.php file for PhpWiki. > > > >There are security issues to generating a config file this way, but they > >can probably be overcome. > > > >The whole thing is completely self contained in one file. It makes the > >necessary backups, provides text output for cut and paste when the file > >couldn't be written, and allows for comments and instructions. > > > >Anyway take a look, it's pretty neat. > > > >http://cvs.sourceforge.net/cgi- > >bin/viewcvs.cgi/phpweather/phpweather/configurator.php |
|
From: Jeff D. <da...@da...> - 2002-02-21 15:06:51
|
I haven't looked at PHPweather, but have used Gallery (http://gallery.sf.net/) which also has an on-line config system. Here, to the best of my recollection, is how Gallery handles some of these issues. There one has to run a shell script (on the server) to enable configuration mode. The script changes some file permissions (and maybe adjusts .htaccess files, and I don't know what all else.) Then you fire up you browser and point it to your index.php. In configuration mode, you can only configure --- all the regular functionality is disabled. Once you're done configurating, you need to run a second shell script to put things in run mode. |
|
From: Reini U. <ru...@x-...> - 2002-02-22 18:47:52
|
Jeff Dairiki schrieb: > I haven't looked at PHPweather, but have used Gallery > (http://gallery.sf.net/) which also has an on-line config system. > Here, to the best of my recollection, is how Gallery handles some of these > issues. > > There one has to run a shell script (on the server) to enable configuration > mode. The script changes some file permissions (and maybe adjusts .htaccess > files, and I don't know what all else.) Then you fire up you browser and > point it to your index.php. In configuration mode, you can only configure > --- all the regular functionality is disabled. Once you're done > configurating, you need to run a second shell script to put things in run > mode. this is fine, but gallery is very hard to setup with php_value safe_mode on. I'll have to patch it to use the correct UID's, and php_value open_basedir must be also changed to point to the config dir also. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X