Simpler Bugzilla

["Andrés G. Aragoneses"]

Max Kanat-Alexander wrote:
> On Tue, 12 Aug 2008 13:55:50 +0200 "Andrés G. Aragoneses"
> <knocte at NO-SPAM-PLEASE-gmail.com> wrote:
>> - wrt the permission problems about the user running the web browser, 
>> would it be feasible to prompt a password dialog to the user
>> requesting him root access, and then the webapp sudoing the call to a
>> script? 
> 
> 	I think that might be forbidden (or not do-able) by Apache or
> Perl, particularly in the sort of situations where a user would have to
> use a web script (suexec on shared hosting).

What about creating a web based UI to configure this initial parameters, 
and when submitted, instead of running a script, they would be kept in a 
file, and inform to you to run the script as root. This way we drop the 
edit-file config philosophy.


>> Of course, this wouldn't suppose a security problem if
>> restricted to a local (not-remote) user (web page visitor).
> 
> 	If you're a local user, you can use checksetup. The web script
> is useful mostly for remote users.

IMO web-driven configuration is much more user-friendly, either if 
you're a local or remote user.

> 
>> Anyway, if it can't be done in the near future, do we already (or do
>> you think it's interesting) to at least present an informational
>> message in bugzilla's main page requesting the user to run
>> checksetup/localconfig at an initial installation?
> 
> 	We could possibly do something like that. Of course, it's
> checksetup.pl that sets the permissions so that Apache can read and run
> index.cgi, so it probably wouldn't be very useful. We could add an
> index.html that checksetup deletes, maybe.

Yes, that sounds like an interesting first approach, but what do you 
think on my ideas above?

Thanks,

	Andrés

-- 
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla