"Philipp Rotmann, Linksystem Muenchen" wrote:
> Until now, it consists of one Snippet and two pages, each with
> some page elements. I'm also not yet happy with the poor
> separation between code, design and content -- another topic I'd
> need input from others. No input without others looking at the
> code, and no one else looking at the code without some kind of
> packaging ;-)
Repligard?
> > Another question that comes to mind is the one of
> > configuration. For the beginning, a Midgard app could ship
> > with an INSTALL file describing the parts of the XML file to
> > change before import via repligard, more complex apps could
> > use autoconf -- but when we get to the point that Asgard
> > supports import/export of applications via HTTP, some
> > 'configure' functionality would be needed.
>
> Well, for now I've just defined some constant values in my
> Snippet -- that should do it for a while.
Writing configure scripts is easy, especially if they only
need to manipulate text fields. If you can give me a hint on what
you need, I can put together a script for you.
> Back to midHoo: I'm planning to call it midHoo 2.0 after
> release, so I'm now playing with midHoo 2.0alpha, since the
> stuff that is currently running lacks some important features:
> - language independence (coded strictly in English, error
> messages in English, "normal" interface in German for the
> moment because I need a German interface for the customer
> site)
> - full-text search
I'd try to interface with mnogoSearch.
> - inclusion of more than the "pre-defined" midHoo link fields
> in the email to the editor (my client wants the possibility
> to ask people a number of additional questions such as about
> their physical address, and those information should reach
> him by email and not be stored in the database)
I don't really understand this.
> BTW, there's a possible security problem in it: In order to be
> able to create a link record w/o being logged in (as anonymous
> users should be able to submit links for approval), I created a
> user 'guest' and a group 'guest' that owns the midHoo topic
> tree (and only that). Now anyone could crack guest's password
> and view all the stuff in that sitegroup -- is there any other
> possibility to reach the same objective w/o exposing the system
> that much?
I've had plans on making 'setuid' pages which would assume the identity
of the author of the page. I haven't actually built it yet. But the
problem is general -- any account is vulnerable to this, not just the
guest account used in this fashion.
Emile
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
