Menu
▾
▴
Re: [Webical-developers] release 0.2?
|
From: Ivo v. D. <ivo...@gm...> - 2007-09-14 10:39:38
|
On 9/14/07, Mattijs Hoitink <ma...@fu...> wrote: > > > The bootstrap is only meant for development purposes. This should not be > included in the release. A maven profile should be created specifically for > the releases, here these kinds of issues can be addressed (by not including > the bootstrap spring configuration) > > I will strip the bootstrap from the release as it is not needed. I already > created a build target "release" that excludes it. See last commit. > > 2. The /app/configuration URL is protected by admin:admin u:p. > > - how about telling the installer to change those default values? > > > This is a side effect of the bootstrap bean. If the bootstrap bean is not > included the firstrunwizard is shown and the administrator must fill in > those details himself. > > This is the correct way to do it i think. > > > 3. Split the README authentication section in: > > - MySQL container managed > > - LDAP container managed (only refer to the Webical wiki, since this > > probably won't be the most used config. please ask Thijs to place his > > notes there) > > > The readme assuemes you are using MySQL for authentication. Altering the > authentication method is covered by comments in the webical.xml file. > Did I mis something? What is the webical.xml file? 4. Split up the README database section in: > > - webical db config, with a webical-bootstrap.sql > > - if applicable: webical auth config, with a webical-auth.sql (by > > default use the same database as webical db. > > > > The database tables are generated by webical itself if they don't > exist, so a webical-bootstrap.sql is not needed. The user only needs to > create authentication tables if he/she wants to use MySQL as authentication > for Tomcat. The readme assumes this is so, so the user has to execute > auth_setup.sql. > Changing the authentication method for tomcat is specified in the readme > and the webical.xml file. > Hmm, don't know if this is the preferred way. I checked the current config and the SessionFactory is set to create the database indeed. This does mean that with every redeploy all data is lost... I don't think this will be appreciated to much :) 5. Are the README, webical.xml, and *.sql in subversion? if not, please > > put them there. > > > I will create a docs directory to put documentation in. > > > > 6. The default u/p for accessing (webical:webical) the database are not > > mentioned in te README. Please mention what u/p you assume, and what > > rights to the database it should have. > > > Done. The readme assumes you have a database 'webical' at localhost, with > webical/webical as u/p > > Do you think we should ship with default u/p/dbname values or should > > everything be explicitly filled out? > > > I think shipping with a default will be easier. With the defaults, the > application can be deployed without editing any files. > The readme mentions that it is possible to edit the u/p values. What > parameters can be changed is covered by the files itself. > Like we talked about; I don't think this is a good idea. It's indeed simpler for first-time usage, but this does pose a nice security hole. You'll see that people are not inclined to changed the defaults after everything is setup and this leaves a lot of webical instances (assuming interest will pick up :)) with a default user/password... cheers, > > mattijs > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Webical-developers mailing list > Web...@li... > https://lists.sourceforge.net/lists/listinfo/webical-developers > > -- Ivo van Dongen Func. Internet Integration W http://www.func.nl T +31 20 4230000 F +31 20 4223500 |
