On Thu, 14 Oct 2010 13:44:17 +0200
ssc wrote:
> Not working with:
> // dsn: set the DSN of your database (read the installation manual)
> $dsn = "sqlite:$dataDir/data.sdb";
>
>
> Notice: Undefined variable: dataDir in /var/www/dl/include/config.php on
> line 48
Ok, now I understand what you m
On Thu, 14 Oct 2010 13:34:29 +0200
ssc wrote:
> But don't you think, that in most cases the administrator of dl will
> also be the root or a privileged user on the webserver/system? In this
> case he would always be able to get those uploaded files through system
> access.
In one of the cases
Not working with:
// dsn: set the DSN of your database (read the installation manual)
$dsn = "sqlite:$dataDir/data.sdb";
Notice: Undefined variable: dataDir in /var/www/dl/include/config.php on
line 48
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[HY000] [14] unable t
My initial idea was that if one user creates a
ticket which is password-protected, no password
is ever shown or stored, and an administrator won't be
automatically able to download it. You can remove it,
maybe rename it, but that's it.
But don't you think, that in most cases the administrator of
On Thu, 14 Oct 2010 12:36:26 +0200
ssc wrote:
> Hello,
>
> I've encountered an issue with the variable $dataDir in config.php
> ($dsn). Whatever I do, there's no chance to resolve this variable.
>
> dl runs on Debian 5 with Apache2, PHP5 and SQLITE3. I get the same error
> in two different en
On Thu, 14 Oct 2010 12:34:29 +0200
ssc wrote:
> What's the problem with storing the download password in clear text? I
> can't see any security reason for this. This is just the download and
> every admin should be able to re-read the password.
My initial idea was that if one user creates a ti
Sorry, I've forgotten the version number.
I'm using 0.8.
Hello,
I've encountered an issue with the variable $dataDir in config.php
($dsn). Whatever I do, there's no chance to resolve this variable.
dl runs on Debian 5 with Apache2, PHP5 and SQLITE3. I get the same error
in two different environments. The only way to solve this issue is to
replace
Hi,
> > I agree the current behavior is sub-optimal. DL should either:
> >
> > 1# Never send clear-text passwords, or
> > 2# Send it all the time (storing it in clear-text on the server).
> >
> > I personally think that #1 makes more sense (gives the password
> > some more meaning), but I don't h