Re: [Postfixadmin-devel] config.local.php not being read.

[Christian B. <pos...@cb...>]

Hello,

Am Donnerstag, 16. April 2009 schrieb David Goodwin:
> Christian Boltz wrote :
> > Am Dienstag, 14. April 2009 schrieb David Goodwin:

> > Note: I'll remove the check for $CONF['setup_password'] from
> > common.php again because:

I've just seen that you have removed the check if the setup_password 
is "changeme" - but you have kept the check if it is set at all.

I'd vote to remove this check also (because it will cause problems [aka 
lock postfixadmin] on upgrade if the old config.inc.php is still used) 
and adds no security.

Any objections?

> > I also think that we no longer need to use the "developer hack"
> >     $CONF['configured'] =
> > 'I_know_the_risk_of_not_deleting_setup.php' and should remove the
> > code sections checking for it (index.php, login.php).

(still ToDo)

> I'll try and review the code shortly; I did wonder if the
> setup_password would be better off stored in the database, and we
> just supply a trivial 'passwd' type script which (when run) allows
> 'root' to set/change it?

IMHO: No, please keep it in config.inc.php - that's the easiest and most 
secure solution I can think of.

> At the very least, I suspect we need to make it easy for people to
> generate the hashed value.... else we'll have zillions of forum
> posts.

Entering the wanted password in setup.php and copying the config sniplet 
to config.inc.php is easy enough IMHO ;-)


BTW: Any news on the "alias magic and domain admins" bug?
http://sourceforge.net/tracker/?func=detail&aid=2745147&group_id=191583&atid=937964
(That's the only release blocker I'm currently aware of...)


Regards,

Christian Boltz
-- 
> The issue here is the one of disk space... How do you know before hand
> there is enough disk space in /boot and /lib?
Err, ask Mr. Filesystem and, given your hd has turned ROM because it's
full, fail gracefully?
[> Marcus Meissner and Wolfgang Woehl in opensuse-factory]