Sylvain Beucler <[EMAIL PROTECTED]> tapota : > Hello, > > Sebastian Wieseler and I plan to work on a download area interface > feature. > > We have two questions: > > - We hesitated between two models: > > * give Apache write access to the files directories, which is > simpler, > > * or mimic Savane's project creations, ie write all changes in the > database and have them done by the cron job. > > The first seems less secure since if any hole in Apache or in the > software that run on top of it (ie Savane), it can be used to mess the > uploaded files up. > > Right now, we think we will chose then second model. What do you think?
I agree, the first option seems way too risky. > - We could like to make this feature integrated in Savane. Does it >fit in the project, or does it have to be provided separately? Well, I have no clear idea of what you mean by "download area interface feature". If it is about allowing file upload with PHP to add files in the download area with an interface, I guess that would be possible, despite the fact that's not a feature I'd like to see available at Gna! (web browser is probably the worst tool for file upload, not to mention the loss of ssh security) -- so it would have to be configurable. But I guess this would require to give apache write access and so this is not the second option you're thinking about. Can you elaborate how would works this second option? Do you plan to store in the database data sent and then get it written by a backend script? This could be indeed added, with not much work (a PHP page that allows adding entry in the db, a backend script that extra data and remove it when written). But I'm not sure of what it would implies for your SQL server (hum, what would happen if several persons upload several files of more than 2 MB at the same time... ?), especially in regard of scalability. (More generally, unless something defeat the whole design of Savane, any features could be added even if they are of interest of only 1% of Savane installations) -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+
