Re: [Postfixadmin-devel] config.local.php not being read.
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
Re: [Postfixadmin-devel] config.local.php not being read.
|
From: Christian B. <pos...@cb...> - 2009-04-22 12:18:07
|
Hello,
Am Mittwoch, 22. April 2009 schrieb David Goodwin:
> > I've just seen that you have removed the check if the
> > setup_password is "changeme" - but you have kept the check if it is
> > set at all.
> >
> > I'd vote to remove this check also (because it will cause problems
> > [aka lock postfixadmin] on upgrade if the old config.inc.php is
> > still used) and adds no security.
>
> No objections.
Done.
> > > > I also think that we no longer need to use the "developer hack"
> > > > $CONF['configured'] =
> > > > 'I_know_the_risk_of_not_deleting_setup.php' and should remove
> > > > the code sections checking for it (index.php, login.php).
> >
> > (still ToDo)
>
> Thought this had been dropped.. .ho hum.
Done.
This also fixes a bug that was well-hidden for developers. The old code
was:
if (!file_exists (realpath ("./setup.php")) || $CONF['configured'] ==
'I_know_the_risk_of_not_deleting_setup.php') {
header ("Location: login.php");
-> No redirect was done for $CONF[configured] == TRUE because setup.php
is not deleted anymore.
> > > I'll try and review the code shortly; I did wonder if the
> > > setup_password would be better off stored in the database, and we
> > > just supply a trivial 'passwd' type script which (when run)
> > > allows 'root' to set/change it?
>
> I had a look at it - and could see no obvious problems.
OK, good to hear.
> > Entering the wanted password in setup.php and copying the config
> > sniplet to config.inc.php is easy enough IMHO ;-)
>
> Yes. It would be nice if it was more user friendly - e.g. one form to
> generate the setup password, another to do the admin bit.
Sounds like a good idea. I'll see when I find the time to implement it.
> > BTW: Any news on the "alias magic and domain admins" bug?
> > http://sourceforge.net/tracker/?func=detail&aid=2745147&group_id=19
> >1583&atid=937964 (That's the only release blocker I'm currently
> > aware of...)
>
> I know how to solve it; I just haven't yet.
OK, then I don't need to waste time for searching for the solution ;-)
Regards,
Christian Boltz
--
I have the ideal solution for you to speed up the writing of
the manuals: http://www.lipsum.com/ - I am sure almost nobody
will notice the difference. ;-) [houghi in opensuse-wiki]
|
