Hi Jacques,

I have one more question about the image path: when I set "image.server.path" 
to, for example, "/home/ofbiz/images", the file is uploaded fine - the files are 
in the right path. Unfortunately, viewing the image requires it to be available 
via a web path, as by default /images.

Do you have a recommendation on how to set it up correctly?

Best regards,
Ingo

-----Original Message-----
From: Jacques Le Roux <jacques.le.r...@les7arts.com> 
Sent: Friday, 11 February 2022 19:06
To: user@ofbiz.apache.org
Subject: Re: AW: distTar

Hi Ingo, All,

To clarify my thoughts and message.

Actually I was wrong when I said that "a feature was lost when common-theme was 
put in". The rest is right. This feature is the possibility, through the 
image.server.path property in the catalog.properties file, to place the images, and 
the other static files as well, in a location that suits you, for any 
reason. Notably following the NSA recommendation to place it in "a non-web 
accessible area". This is to prevent webshell uploads and all kinds of other 
malicious file uploads. The same is true for the other property, 
image.management.path.

So the fact that, before common-theme was put in with the folder for images 
/themes/common/images/webapp/images/, this folder was 
/framework/images/webapp/images/ has nothing to do with "a non-web accessible 
area". That's for you to decide...

There is also a ${tenantId} var in the image.server.path property that is used 
in the multi-tenant case, but that's another thing.

So in the end I don't think it's necessary to put the images and image.management 
in runtime. This would add nothing. I'll remove the FIXMEs.

Jacques

On 07/02/2022 at 19:37, Ingo Wolfmayr wrote:
> Hi Jacques,
>
> thanks for the fast response. I will do it exactly as you say.
>
> Best regards
> Ingo
>
>
> -----Original Message-----
> From: Jacques Le Roux <jacques.le.r...@les7arts.com>
> Sent: Monday, 7 February 2022 19:21
> To: user@ofbiz.apache.org
> Subject: Re: distTar
>
> Hi Ingo,
>
> You don't need to use
>
> ./gradlew "ofbiz start"
>
> ./gradlew ofbiz
> is enough and does not generate zip/tar.
>
> This said, I'm currently working on a feature that was lost when 
> common-theme was put in. Fortunately it was then documented by these 
> FIXMEs:
>
> #FIXME the image server path need to be moved on runtime
> #FIXME the image management path need to be moved on runtime
>
> The idea is to not have the images under OFBiz tree but in a specific 
> location unrelated to OFBiz.
>
> I'm actually also working on this for security reasons. It's an NSA 
> recommendation*:
>
> <<Officials explained that web applications should not be given 
> permissions to write directly to a web accessible directory or modify web 
> accessible code.
> "Attackers are unable to upload a web shell to a vulnerable application 
> if the web server blocks access to the web accessible directory," 
> according to the guidance. "To preserve functionality, some web 
> applications require configuration changes to save uploads to a non-web 
> accessible area.">>
>
> “To preserve functionality, some web applications require configuration 
> changes to save uploads to a non-web accessible area.” That's exactly what we 
> lost with common-theme. Fortunately it was documented and I stumbled upon it 
> while working on related security issues.
>
> Having images, and at large static files, in a specific location can also 
> help to speed things up...
>
>
> HTH
>
> Jacques
> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malware-vulnerabilities-mitigation
>
>
> On 07/02/2022 at 17:56, Ingo Wolfmayr wrote:
>> Hi everybody,
>>
>> I have a question about building OFBiz. In previous versions, for example 
>> 17.12, I had the following process:
>>
>> ./gradlew build (build the project and see if everything is fine) 
>> ./gradlew "ofbiz start"
>>
>> Now I am working with the current trunk, and when I start ./gradlew build it 
>> starts "disttar" and generates a .tar and a .zip. As I have lots of images 
>> in a project, it uses lots of disk space and time. Is my process wrong? Is 
>> there a "correct" way of how it should be done?
>>
>> Thanks for every hint.
>>
>> Best regards,
>> Ingo
>>
>>
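As an added example, not part of this thread or of OFBiz itself: a small check a deployer could run over the image.server.path / image.management.path values from catalog.properties to confirm that, after expanding the ${tenantId} placeholder the thread mentions and resolving symlinks and "..", they land outside the web-accessible image folders named above. The web root directories and the /srv/uploads sample value are constructed for this example.

```python
from pathlib import Path
from typing import Dict, Iterable, Optional

# Constructed for this example: the web-served image folders under an
# assumed OFBiz install at /opt/ofbiz (folder names as named in the thread).
WEB_ROOTS = [
    "/opt/ofbiz/themes/common/webapp/images",
    "/opt/ofbiz/framework/images/webapp/images",
]


def expand(value: str, tenant_id: Optional[str]) -> str:
    """Substitute the ${tenantId} placeholder used in image.server.path."""
    if "${tenantId}" in value:
        if tenant_id is None:
            raise ValueError("image.server.path uses ${tenantId} but no tenant id was given")
        value = value.replace("${tenantId}", tenant_id)
    return value


def is_outside_web_roots(upload_dir: str, web_roots: Iterable[str] = WEB_ROOTS) -> bool:
    """True if upload_dir, after resolving symlinks and '..', is not inside any web root."""
    target = Path(upload_dir).resolve()
    for root in web_roots:
        r = Path(root).resolve()
        if target == r or r in target.parents:
            return False
    return True


def check_properties(props: Dict[str, str], tenant_id: Optional[str] = None,
                     web_roots: Iterable[str] = WEB_ROOTS) -> Dict[str, bool]:
    """Evaluate the two upload-location properties discussed in the thread.

    Returns {property name: True if its directory is non-web-accessible}.
    """
    return {
        key: is_outside_web_roots(expand(props[key], tenant_id), web_roots)
        for key in ("image.server.path", "image.management.path")
        if key in props
    }


if __name__ == "__main__":
    # Constructed sample configuration: one good value, one that sneaks back
    # into the web root through '..'.
    sample = {
        "image.server.path": "/srv/uploads/${tenantId}/images",
        "image.management.path": "/opt/ofbiz/themes/common/webapp/images/../images/mgmt",
    }
    print(check_properties(sample, tenant_id="acme"))
```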
