Documentation
WebAppInstaller |
I want to dedicate this page to think of implementation solutions for the webbased installer.
I had some chats with Ralf and Nelius in the German Schwarzwald about the webbased installer and the problems that rise when implementing it. One big problem is the security leak you introduce when you make it possible to run downloaded scripts. EGroupware can be comprimized by uploading a evil script and running it.
We discussed that if we could use a local ftp or scp connection to put the files on the correct location we could install applications safely. We currently have a ftp client so we can allready use its functions to create a ftp connection. Problem is that not all webservers have ftp activated as this is a very unsafe protocol. A lot of servers use scp as file transfer protocol. Unfortunately php can not talk ssl and using system apps is also not garanteed to work on every envorinment.
links:
With Ralf together i had a talk with a PEAR Guy who told us about the new PEAR package manager.
[quote pear.php.net]
The packages that do not come with PHP can be installed with the PEAR package manager. The manager is comparable to Debian's "apt-get".
[\quote]
It was a really interesting talk, cause this installer could exactly be what we need.
Useing this package manager would also solve the old problem, how to act with pear libs. We can use them without shipping them and so have no problems with gpl
links:
I had some chats with Ralf and Nelius in the German Schwarzwald about the webbased installer and the problems that rise when implementing it. One big problem is the security leak you introduce when you make it possible to run downloaded scripts. EGroupware can be comprimized by uploading a evil script and running it.
We discussed that if we could use a local ftp or scp connection to put the files on the correct location we could install applications safely. We currently have a ftp client so we can allready use its functions to create a ftp connection. Problem is that not all webservers have ftp activated as this is a very unsafe protocol. A lot of servers use scp as file transfer protocol. Unfortunately php can not talk ssl and using system apps is also not garanteed to work on every envorinment.
links:
- http://pecl.php.net/package/ssh2 - work towards ssh support in PHP
(cor)nelius's 2 cent
With Ralf together i had a talk with a PEAR Guy who told us about the new PEAR package manager.
[quote pear.php.net]
The packages that do not come with PHP can be installed with the PEAR package manager. The manager is comparable to Debian's "apt-get".
[\quote]
It was a really interesting talk, cause this installer could exactly be what we need.
- Any package has a package description in a simple xml-file. With this file dependencies can be resolved
- The package Manager can handle many "channels" aka reposotorys. Dependencies could also point to a different slot.
Useing this package manager would also solve the old problem, how to act with pear libs. We can use them without shipping them and so have no problems with gpl
links:
- http://pear.php.net/manual/en/installation.php#installation.introduction
- http://pear.php.net/package/PEAR_PackageFileManager
- http://pear.php.net/manual/en/guide.developers.package2.php