Taras,

On Mon, Apr 9, 2012 at 8:56 AM, Taras <ox...@oxdef.info> wrote:
> Andres,
>
>
>>> * moved sessions dir to w3af's tmp dir (currently /tmp/w3af/PID/). This
>>> change makes possible to clean up these unnecessary files after w3af
>>> finish its work.
>>
>>
>> I'm not 100% sure about this change, let me explain why:
>>
>> * I see the great benefit in having this in the /tmp/ directory (your
>> disk shouldn't fill because each time you reboot all the "w3af garbage
>> disappears)
>
> Furthermore if w3af finishes its work correctly then these files also will be
> deleted.

Ok,

>> * I also see that in a multi-user environment user A running a w3af
>> scan would be exposing to all the other users which targets he's
>> scanning
>
> Agree, but in any case we need to change mode for w3af's temp dir to
> drwx------. It will fix this issue.

Ok, can you do this?

>
>> * /tmp/ directory usually has a disk partition quota, which might be
>> filled very quickly
>
> Agree, so I suggest changing TEMP_DIR e.g. to ~/.w3af/tmp

Currently the whole thing is stored in
~/.w3af/sessions/db_defaultSession-<date>_traces/ , and you want to
move it to ~/.w3af/tmp , correct? This has the intention of removing
the ~/.w3af/tmp directory when the process finishes, correct? What if
there are two different processes running? Would one remove the data
from the second one? (damn I'm soooooo annoying!)

>
>> If we solve the last two points (not sure how), there wouldn't be
>> any issues with doing this.
>>
>>> If you don't mind I will commit it to the trunk: fresh histrory.py and
>>> gtkOutput.py
>>>
>>> By the way do we need gtkOutput plugin now? Currently only Queue
>>> functionality is in it.
>>
>>
>> Could you please refresh my mind regarding the self.queue
>> attribute? Where/When is it used?
>
> Goood question! I also don't remember when is it used :)
> And simple grep didn't make any results.

If you want to remove the plugin, which I wouldn't think is a bad
idea, please do the proper analysis to see where and how it is used.

Regards,

>>
>>> [0] https://sourceforge.net/apps/trac/w3af/changeset/4850
>>>
>>> --
>>> Taras
>>> http://oxdef.info
>>>
>>> _______________________________________________
>>> W3af-develop mailing list
>>> W3af-develop@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
> --
> Taras
> http://oxdef.info

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
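
Added example, not part of the original thread and not w3af's code: one way to combine the two ideas discussed above, a drwx------ temp dir and a per-PID subdirectory, so that other users cannot list scan targets and one process's cleanup never removes another's data. The function names are hypothetical; the ~/.w3af/tmp path is the one proposed in the thread.

```python
import errno
import os
import shutil
import stat


def _make_private(path):
    """Create path if missing, then force it to a drwx------ dir we own."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # left by an earlier run; validated below
    st = os.lstat(path)  # lstat so a planted symlink is not followed
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise PermissionError(f"refusing to use {path}: not our directory")
    os.chmod(path, 0o700)  # mkdir's mode is masked by umask; old dirs may be loose


def create_run_dir(base_dir, pid=None):
    """Return base_dir/<pid>/, with both levels private to this user.

    Assumes the parent of base_dir (e.g. ~/.w3af) is not writable by others.
    """
    run_dir = os.path.join(base_dir, str(os.getpid() if pid is None else pid))
    _make_private(base_dir)
    _make_private(run_dir)
    return run_dir


def remove_run_dir(run_dir):
    """Delete only this process's directory; drop the base if it was the last."""
    shutil.rmtree(run_dir)
    try:
        os.rmdir(os.path.dirname(run_dir))  # fails while other PIDs remain
    except OSError as exc:
        if exc.errno not in (errno.ENOTEMPTY, errno.EEXIST):
            raise


if __name__ == "__main__":
    import atexit
    # Path taken from the thread; create ~/.w3af first if it is missing.
    os.makedirs(os.path.expanduser("~/.w3af"), exist_ok=True)
    run_dir = create_run_dir(os.path.expanduser("~/.w3af/tmp"))
    atexit.register(remove_run_dir, run_dir)
    print("traces go in", run_dir)
```

Files left behind by a crashed process stay in their own PID directory and can be swept separately without touching a running scan.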