Koozali.org: home of the SME Server

CMS

grunt

CMS
« on: July 30, 2006, 01:13:23 AM »
I am just an old disabled guy that plays with the computer as a hobby. Not an Xpert in any thing!

I ran across SME and love it.

Would like a little feed back. I am looking for a CMS to set up on the web, and need input as to what works well with SME server. Open source types only, disability checks don't allow for $$$.

I want it as secure as can be reasonably expected in todays world, and would really like the ability for users to have a secure login available.

Easy to install on SME would be a big plus. I like MetaDot fine, and it install like silk, but appears to run a mite slow. so I am looking for suggestions. I have it tweaked with the recommened tweaks.

Any feed back would be appreciated, although no rush is necessary.. I don't do rushing any more.

Thanks, and hello to all, hope I am on topic in this thread.

Again, many thanks in advance,
Ed

Offline fpausp

  • *
  • 728
  • +0/-0
CMS
« Reply #1 on: July 30, 2006, 08:36:10 AM »
Viribus unitis

Offline greg

  • **
  • 51
  • +0/-0
CMS
« Reply #2 on: July 30, 2006, 12:46:28 PM »
Hi,

I can warmly recommend TYPO3 (http://typo3.org)
It runs fine under SME7 - and have hundreds of extensions. It can be configured in just the way you like...

However, even that the documentation is extensive - it requires some time to get a site running.

But, if you have the patience, you will experience a CMS system much more powerfull than Mambo, Postnuke, Joomla and others... In fact - several reviews compare the TYPO3 with commercial CMS systems at USD 200k.

Just my 2c..

/G

duncan

CMS
« Reply #3 on: July 30, 2006, 02:39:04 PM »
Take a look at http://www.opensourcecms.com/

You can play with demos to your hearts content. Drulpals not bad as well.

grunt

Thanks
« Reply #4 on: July 30, 2006, 03:31:41 PM »
Thanks much for the feedback.  All are fine suggestions.

I like all three, Typo is one that I really like playing with, (that's all I do is play), but I was guessing that it would be harder than ever to get it running under SME.

So much for guessing, I suppose.

With only an 9th grade education, old age, and being an old former Marine, grey matter is in short supply.

I'm going to try these setups, with my limits, they should keep me busy for quite a spell!

Thanks Much!
Ed

Offline stephen noble

  • *
  • 607
  • +1/-0
    • Dungog
CMS
« Reply #5 on: August 16, 2006, 03:53:38 PM »
an alternate implementation of joomla
this is installed in /opt/joomla rather than Primary

http://www.dungog.net/sme/webapp.php#joomla

Offline EdelingF

  • ****
  • 215
  • +0/-0
CMS
« Reply #6 on: August 21, 2006, 07:52:56 PM »
Stephen, I tried to install the dungog RPM, but gave an error on the db username and/or password.
Has there been any changes?
...

Offline mdo

  • *
  • 355
  • +0/-0
CMS
« Reply #7 on: August 22, 2006, 01:52:58 AM »
Quote
but gave an error on the db username and/or password.


I just tried an installation here on a test system, followed exactly the instructions and it worked fine. Have you used the proper mysql password eg.:

config show joomla
joomla=service
    DbPassword=+ObgSUzK2IVoPs/ ... cut ...

Michael
...

Offline stephen noble

  • *
  • 607
  • +1/-0
    • Dungog
CMS
« Reply #8 on: August 22, 2006, 09:59:10 AM »
Thanks Michael

It was the password  
DbPassword=+ObgSUzK2IVoPs/ ... cut ...

Offline EdelingF

  • ****
  • 215
  • +0/-0
CMS
« Reply #9 on: August 23, 2006, 04:28:00 PM »
Yes, it was the password :hammer:
ToolTimes at work

I took the HowTo to litteral, I entered 'config show joomla' as the password.....

I must say, install is very easy and very quick. Nice CMS!
Thanks

Freek
...

uomonet

CMS
« Reply #10 on: September 24, 2006, 02:31:04 AM »
Hi guys!
I found dungog rpms to install joomla wich I was interested to.
After installation (very easy!!!) I have 2 questions for you:

1.Snoble wrote
Quote
an alternate implementation of joomla
this is installed in /opt/joomla rather than Primary

http://www.dungog.net/sme/webapp.php#joomla
Is there a way to have joomla working in the www.mysite.xx (not www.mysite.xx/joomla) directory? Or is there a way to redirect it there?

2.Dungog says:
Quote
to add a more memorable URL eg. YourServer.net/site
config setprop joomla URL site
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart
pico -w /opt/joomla/configuration.php and
edit $mosConfig_live_site from joomla to site
I've done so, but now I can access joomla in "www.mysite.xx/joomla" and "www.mysite.xx/site" at the same time!!! Where is the problem?

Offline raem

  • *
  • 3,972
  • +4/-0
CMS
« Reply #11 on: September 24, 2006, 10:38:20 AM »
uomonet

pico -w /opt/joomla/configuration.php and
edit $mosConfig_live_site from joomla to site

Did you make the above change ?
...

Offline stephen noble

  • *
  • 607
  • +1/-0
    • Dungog
CMS
« Reply #12 on: September 24, 2006, 11:14:47 AM »
>is there a way to redirect it there?

it's a question everyone wants to know
raise it as a bug, but we don't know how to fix it

if you have to have this just install in an ibay

>but now I can access joomla in "www.mysite.xx/joomla" and "www.mysite.xx/site

is it a problem ?
some joomla code looks for the /joomla directory
so we added an extra /dir instead or replacing the original

stephen

Offline EdelingF

  • ****
  • 215
  • +0/-0
CMS
« Reply #13 on: September 24, 2006, 11:50:29 AM »
I just used something I found in one of the forums and made a index.php in html of Primary:

?php
echo "<script>self.location = 'http://www.mysite.nl/site';</script>";
?>


It seems to do the thing
...

uomonet

CMS
« Reply #14 on: September 25, 2006, 12:20:13 AM »
EdelingF and snoble
For redirection I use this html "index.htm" in "primary"
Quote
<HTML>
<HEAD>
<TITLE>Redirect...</TITLE>
<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://mysite.xx/site">
</HEAD>
</HTML>


RayMitchell
Quote
uomonet

pico -w /opt/joomla/configuration.php and
edit $mosConfig_live_site from joomla to site

Did you make the above change ?

YES... Did you read my post?

fpausp
Quote
Hi,

Maybe you like Joomla:

http://schwarzecker.homelinux.net/index.php?option=com_remository&Itemid=28&func=selectfolder&filecatid=41


regards
fpausp
I've tried this contrib and seems to work fine! Do you think that install joomla in "opt\joomla" is better than in "primary"? Why?

uomonet

CMS
« Reply #15 on: September 25, 2006, 02:20:10 AM »
to snoble
Quote
if you have to have this just install in an ibay
I need to access the joomla dir to overwrite files in my language (ITA). I've tried to make an ibay called joomla but it's not possible: SME Server says "the account joomla already exist". I can't ftp the \opt\joomla dir. What can I do?

Offline Rien

  • *
  • 216
  • +0/-0
    • http://www.taurix.nl
CMS
« Reply #16 on: September 26, 2006, 11:28:13 PM »
I've serveral Joomla! sites. I follow always the following steps:

Create database:
===========

Login as root and type 'mysql'. At the mysql promt:
Code: [Select]
CREATE DATABASE yourdatabasename;
GRANT ALL PRIVILEGES ON yourdatabasename.* TO yourdatabasename@localhost IDENTIFIED BY 'yourpassword';
FLUSH PRIVILEGES;
quit


(choose your own name for "yourdatabasename" and "yourpassword")

Create ibay:
========
Create a new ibay or use Primary
Go to the "html" directory of your ibay and delete the file "index.htm".


Make the "PHP session save-path" writable:
=========================
Code: [Select]
/sbin/e-smith/db accounts setprop youribayname PHPBaseDir /home/e-smith/files/ibays/youribayname/:/tmp
/sbin/e-smith/signal-event ibay-modify youribayname


(change "youribayname")

Get the software:
===========
Get the latest version from the Joomla! site:

http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_11/frs6655?dl=1

Unpack the file with:

Code: [Select]
tar -zxvf Joomla_1.0.11-Stable-Full_Package.tar.gz

and copy the directories and files to the "html" directory of your ibay.


Start Joomla!
=========

In your browser type:
Code: [Select]
http://your.domain.name/youribayname

Follow the instructions of the install-program.
The install-program will tell you which directories you have to make writable.
In your ibay's html-directory you can make them writable with:
Code: [Select]
chmod -R 777 mambots modules ........... (I don't remember exactly which directories you have to make writable but the install program will tell you)

You can get your language files from: http://extensions.joomla.org/component/option,com_mtree/task,listcats/cat_id,1837/Itemid,35/. Unpack and copy them to
Code: [Select]
/home/e-smith/files/ibays/youribayname/html/language

There are a lot of add-ons and templates. I use the templates from http://www.rockettheme.com/
You can find add-ons at http://www.joomlaresource.com/

success
Rien
(The Netherlands)......

uomonet

CMS
« Reply #17 on: September 28, 2006, 12:28:25 AM »
Great post Rien  :D Very useful for me!
I'm new to joomla. Have you tried other CMSs?
everything is clear for me now... so I don't need a "special" contrib to install joomla! I can download and install the italian version from http://www.joomla.it
The only think I still don't understand is:
Quote
Make the "PHP session save-path" writable:
=========================
Code:
/sbin/e-smith/db accounts setprop youribayname PHPBaseDir /home/e-smith/files/ibays/youribayname/:/tmp
/sbin/e-smith/signal-event ibay-modify youribayname


(change "youribayname")
Please, what is for? :shock:

Offline Rien

  • *
  • 216
  • +0/-0
    • http://www.taurix.nl
CMS
« Reply #18 on: September 28, 2006, 04:54:01 PM »
Hi uomonet,

My son plays in a football team and they want their own website. My first website was entirely in HTML. But I was the single point of failure because I had to place all the content on the site by myself.

So I looked for a cms that was easy enough to understand for me as well as for those who have to put content on the site.

I first tried Xoops. Easy to install but it took me some time to make it look nice.
Then I tried Plone (on top of Zope) under SME6. I think Plone is a much better cms than Joomla! because it has a sofisticated authorisation structure combined with real workflow. It is written in Python and is a layer on top of Zope with its own webserver, objectdatabase and so on. Because of this structure it is much slower and for a newbie much more difficult to understand and to modify.

Than I tried Mambo. Very easy to install, al lot of add-ons available and very easy to use. It has no real workflow capabilities and the authorisation structure is very flat. But that is no problem in my case.

I tried to install Typo3, but untill now I didn't succeed.

Joomla is based on Mambo and has the same structure for now. Joomla 1.5 will be quite different.

There are also very good templates available for Joomla (see http://www.rockettheme.com/). I use the 'Versatility II' template (see http://fczcsel.mlkok.nl)

I know very little about PHP, but when you install Joomla it needs some directories to be writable. It also checks for the 'PHP session save path" to be writable. PHP needs a place to store its session data in. It is normally not writable.

To install Joomla! you don't need a contrib. Just download the Italian version of Joomla or download the international version with the Italian language pack.
Rien
(The Netherlands)......

grunt

CMS
« Reply #19 on: October 05, 2006, 12:22:06 AM »
Just a little update. Been trying MODX, and it is so easy, I have to wonder,

Does anyone know if it is secure, (as php apps go) as your usual mess? I am not worried about the site security, it's just a hobby, but do care about the server security?

NE1 have an opinion?

Thanks,
Ed

Offline polarair

  • *
  • 32
  • +0/-0
    • http://www.cosoprinting.nl
CMS
« Reply #20 on: October 20, 2006, 10:58:08 AM »
Rien,

Do you have any ideas about the new Joomla 1.5 as you are running the current version.

Im developing a website at this moment with joomla 1.011 but i dont wat to mess up the future 1.5 features today.
Cheers
Mike
live is to short not to enjoy it :lol: ......

Offline Rien

  • *
  • 216
  • +0/-0
    • http://www.taurix.nl
CMS
« Reply #21 on: October 20, 2006, 02:33:51 PM »
Hi,

Well, 1.011 works great. But 1.5 is new so I want to find out what the difference is between 1.011 en 1.5 and what problems I can expect when migrating.

The only thing I'm missing in 1.011 is an advanced structure of authorisation (it is very flat in 1.011). It will come in later versions of 1.5 if I'm well informed.
Rien
(The Netherlands)......

drfresh

CMS
« Reply #22 on: February 01, 2007, 09:49:54 AM »
I've only just discovered this post.

Rien, it might be a stupid question - sorry - but what is the procedure if I want Joomla as CMS for my main page; e.g. not installed in an ibay?

And are there any conciderations/changes regarding your procedure with respect for the upcomming version 1.5?

There will probably be questions about how to opgrade  :)

Thanks - this is the kind of how-to's I like!

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
CMS
« Reply #23 on: February 01, 2007, 02:17:01 PM »
Quote from: "drfresh"

Rien, it might be a stupid question - sorry - but what is the procedure if I want Joomla as CMS for my main page; e.g. not installed in an ibay?


I believe that SMEServer 'policy' is not to install web apps in iBays.
Regards,
William

IF I give advise.. It's only if it was me....

Online Stefano

  • *
  • 10,836
  • +2/-0
CMS
« Reply #24 on: February 01, 2007, 02:58:28 PM »
Quote from: "william_syd"

I believe that SMEServer 'policy' is not to install web apps in iBays.


just a stupid question: why?

please explain it thinking i'm 5 years old :-D

ciao

Stefano

Offline Rien

  • *
  • 216
  • +0/-0
    • http://www.taurix.nl
CMS
« Reply #25 on: February 01, 2007, 08:22:05 PM »
Hi drfresh,

If you want Joomla! as CMS for your main page, you just have to install it in the "special" ibay called "Primary".

I place all my webapps in ibays (and Primary) but wasn't aware of a "SME policy". Why, isn't it safe enough?

It is very handy because you can direct virtual domains to ibays. How can you direct your virtual domains to ibays if you don't install them in ibays? (I suppose with "ProxyPass")
Rien
(The Netherlands)......

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
CMS
« Reply #26 on: February 01, 2007, 11:41:21 PM »
Quote from: "nenonano"

just a stupid question: why?



I don't know. I've just seen it posted around the place.

Where I first saw it spelled out.
http://lists.contribs.org/mailman/public/devinfo/msg09462.html
Regards,
William

IF I give advise.. It's only if it was me....

drfresh

CMS
« Reply #27 on: February 09, 2007, 12:50:55 PM »
Quote
If you want Joomla! as CMS for your main page, you just have to install it in the "special" ibay called "Primary".


 :lol:

Thanks!

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #28 on: February 09, 2007, 03:43:55 PM »
drfresh this isn't correct. You can install in any ibay, but you have to point your dns to it. Eg: www.domain.com points to ibay2.
But it is true that the defaults are set for primary ibay.
"It should just work" if it doesn't report it. Thanks!

drfresh

CMS
« Reply #29 on: February 09, 2007, 05:03:44 PM »
Quote from: "bpivk"
drfresh this isn't correct. You can install in any ibay, but you have to point your dns to it. Eg: www.domain.com points to ibay2.
But it is true that the defaults are set for primary ibay.


Dough! Now I'm confused? Do you meen, that I can or can't do as Rien says?

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #30 on: February 09, 2007, 06:14:09 PM »
You can install where you want when you want.  :)  Is this explanation ok?
"It should just work" if it doesn't report it. Thanks!

drfresh

CMS
« Reply #31 on: February 09, 2007, 06:29:17 PM »
Quote from: "bpivk"
You can install where you want when you want.  :)  Is this explanation ok?


Yeah, well - it's only that you said "DrFresh this isn't correct". It got me rather confused. What was it that wasn't correct? But I'll give it a try...

Thanks!

Offline grattman

  • ***
  • 122
  • +0/-0
CMS
« Reply #32 on: February 09, 2007, 08:29:10 PM »
Okay...this is getting convoluted..

You can install joomla in any Ibay you desire, including the Primary. If you install it in Primary, you are all done. However, if you create another Ibay, you will need to change the Ibay it points to within the domians portion of the server-manager.

So...I create an Ibay name foo with a description of Foo Joomla. I set up Joomla in the Ibay called foo and everything works nifty. Except, I don't like www.mydomain.com/foo - I want it to just be www.mydomain.com

You would log into server-manager, choose Domains under Configurations. You then click on Modify. You then choose the appropriate Ibay (the description you gave your foo Ibay – Foo Joomla) from the Content dropdown and click the Modify button.

Viola...your domain now points to an Ibay other than Primary.

Hope this helps.

Grattman
...

drfresh

CMS
« Reply #33 on: February 09, 2007, 11:28:15 PM »
Thanks a lot Gratmann! Now it all makes sence. Then I can expriment and do some testing using an ibay for it without screwing my primary ibay up.

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #34 on: February 09, 2007, 11:58:09 PM »
Quote from: "drfresh"
What was it that wasn't correct?

That you have to install in primary domain. You don't have to. That was all. Sorry for the confusion.
"It should just work" if it doesn't report it. Thanks!

Offline hendrikus

  • 13
  • +0/-0
CMS
« Reply #35 on: February 11, 2007, 04:38:23 AM »
Hi William,

I understand that it's better to install ie Joomla, vTiger, WebERP in the /opt/ folder. Everytime I see quotes refering to the same statement (http://lists.contribs.org/mailman/public/devinfo/msg09462.html), but many people who install the SMEserver are actualy WindowsXP users working with WAMP like webservers.
Refering to
http://sme.firewall-services.com/spip.php?article23 and this post, we got a clearly step by step explenation how to setup Joomla or vTiger.

Quote from: "william_syd"
Quote from: "drfresh"

Rien, it might be a stupid question - sorry - but what is the procedure if I want Joomla as CMS for my main page; e.g. not installed in an ibay?


I believe that SMEServer 'policy' is not to install web apps in iBays.


Maybe there is allready someone who create a clear step-by-step manual how to do it in the /opt/ way, but I couldn't find it. I agree I-Bay's arent the best place to install company critical applications, simply because the admin is able to delete the complete I-Bay within the server-manager if I'm not wrong.

regard's
Hendrikus

Offline william_syd

  • ****
  • 1,608
  • +0/-0
  • Nothing to see here.
    • http://www.magicwilly.info
CMS
« Reply #36 on: February 11, 2007, 05:08:10 AM »
A lot of the work is done for you by those who produce rpms..

http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewdownload&cid=6&newlang=eng
http://www.dungog.net/sme/webapp.php

Maybe pull one of their rpms apart to see how it works.

Here is a how-to I wrote for vTiger using /opt

https://secure.magicwilly.info/phpwiki/index.php?pagename=How-to%20install%20vtigerCRM

Install phpmyadmin to setup databases.

There is one issue I have with web apps in /opt and that is using them as root content for domains.

This post has a few suggestions on how to do it.

I've raised a NFR bug for this. Bug 2460.
Regards,
William

IF I give advise.. It's only if it was me....

Offline hendrikus

  • 13
  • +0/-0
CMS
« Reply #37 on: February 11, 2007, 11:56:46 AM »
William,

I found all these messages during my search for answers how to do it, but found it very confusing, not one clear way how to install applications whatever it may be. The clearest way for me is still to install them in the Ibay...

Why it's not posible to select subdirectories of the primary website for subdomains ? that would be clear and similar to the way other hosting programs are doing it.  

Regard's
Hendrikus

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #38 on: February 11, 2007, 12:26:50 PM »
Because other software uses a place for storing web content (eg www) but sme uses ibays for this purpose. You can put subdirectories in ibays but then you'll just have to do with entries like http://ip/ibay/subdirectories
"It should just work" if it doesn't report it. Thanks!

Offline polarair

  • *
  • 32
  • +0/-0
    • http://www.cosoprinting.nl
continuing on this matter
« Reply #39 on: February 12, 2007, 08:18:19 PM »
Ok, now continuing on this matter, we have joomla in /opt or in an ibay great but also would like to get a forum in the joomla space. Should i now install the forum in a subdirectory where joomla lives or should ik get an ibay to install it there and have a www.mydomain.com/joomla/forum or www.mydomain.com/forum

any sugjestions are welcome

Mike :roll:
live is to short not to enjoy it :lol: ......

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #40 on: February 12, 2007, 10:19:56 PM »
This is the way i do it:

Every CMS uses internal (between pages) and external links (to other websites). So i installed e107 into one ibay and gallery2 into another.
Then i made a dns record to e107 ibay like www.domain.com and another for gallery like gallery.domain.com.
The only thing i had to do then was to make a link in e107 that pointed to gallery. Check my website to see how it looks (click on link galerija to see gallery2).

I hope that this is what you're looking for. And please take a note of domain name (primary domain will switch to gallery domain).
"It should just work" if it doesn't report it. Thanks!

pearless

Can I use dungog's joomla install to have multiple domains?
« Reply #41 on: March 11, 2007, 10:49:33 AM »
I currently have several domains hosted, each with it's own ibay.

Can I use the Dungog JOOMLA install to put multiple JOOMLA installs one in each ibay, would it work????

Is there a better way???

Cheers Douglas.

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #42 on: March 11, 2007, 05:48:06 PM »
No it wouldn't. Dungog's joomla is installed in /opt/joomla
You'll have to do it manualy and extract joomla to different ibays with a different databases.
"It should just work" if it doesn't report it. Thanks!

Offline andy_wismer

  • *
  • 107
  • +0/-0
    • ANWI-Net
CMS
« Reply #43 on: March 12, 2007, 01:54:15 AM »
Hi

As to the subject of /opt or iBay to install WebApps, ther are a few issues to consider:

If the SMEServer is a FileServer, quite often the permissions on iBays are readable (writeabld...) by shared. The www user is member of shared.

IBays show up as Windows shares on the server, making it "easy" to ruin a webapp from a windows workstation - even unknowingly or unwittingly...
Windows doesn't care about case, but tell that to SME/UNIX/PHP/Perl...

If using "virtual hosts", ibay content will only show up under a dedicatedly configured domain, or under the primary name of the server. This isn't very flexible. An iBay can not appear "under" several different domains.

Opt content will show up as default under all domains, if using the /alias/ method in httpd.conf.

Requirements and the above points should assist in deciding where to install app-x.

Using /opt does take a bit more work and know-how. Editing templates and setting permissions are among the requirements.

A SME (small and medium) company may not have a "guru" to setup a "hardened" server, but almost anyone who can read the fine manual and type in illustrated commands can install such a webapp in SME.

My 2 cts...

Andy Wismer

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #44 on: March 12, 2007, 12:18:07 PM »
Quote
An iBay can not appear "under" several different domains.

This isn't correct. It works just fine. You just have to set it to different domains. Try www.sishell.net and www.bezigrad.com they are the same ibay.
"It should just work" if it doesn't report it. Thanks!

Offline andy_wismer

  • *
  • 107
  • +0/-0
    • ANWI-Net
CMS
« Reply #45 on: March 12, 2007, 12:56:39 PM »
Hi

Sorry, I meant "at the same time".

I also host domains in ibays, of corse they work...

But I can't say install phpsysinfo in an iBay and make that appear under

www.domain1.com/phpsysinfo/
www.domain2.com/phpsysinfo/

That's what I meant by "dedicatedly configurated" an iBay.
An iBay can only be associated with one domain at a time.

If you REALLY need this, it's back to templates tuning...

Regards
Andy

Offline lucho115

  • ****
  • 209
  • +0/-0
    • http://www.elac.com.ar
CMS
« Reply #46 on: March 20, 2007, 08:49:52 PM »
I really cant understand why is not safe , install web app into ibays. I read all the post and the maillist listed in this topic but iam still not understand the security problem. I anybody can explain me very detailed i am going to give you thanks.
tks

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #47 on: March 20, 2007, 09:31:25 PM »
Ok i'll write in plain english. And could you please post in one topic because you allready opened another one with the same question.

People can access ibays and edit data there because it's on the internet. Well they aren't able to write data if you have a secure web app but every app that is installed in an ibay can be modified because it's on the internet (we're talking in theory here).
If you install an app in /opt you make a "shortcut" in SME (template) so that people can access this app but it's in fact seperated from the part of the sistem that can be accessed.

Edit: On another reading. I complicated things a little bit but it's hard to explain.  :)

And you didn't read enough posts if you still can't tell the difference because Charlie or Gordon had a long post a while back that explained why you should install apps in opt.

I'm not sure but i think that it was also mentioned in somwhere in wiki.
"It should just work" if it doesn't report it. Thanks!

Offline lucho115

  • ****
  • 209
  • +0/-0
    • http://www.elac.com.ar
CMS
« Reply #48 on: March 21, 2007, 03:23:45 PM »
bpivk
Quote
Ok i'll write in plain english. And could you please post in one topic because you allready opened another one with the same question.

Ok, i have not open any topic with the same question, in fact i ask a similar cuestion related to Joomla in a topic about it, and nobody answer , only you :
Every <put your script here> script will work from an ibay. But the prefered way of installing it would be into /opt (security reasons). Does this answer your question?
No, this answer is not good, only say security reasons , so please tell me which are them.

So a take my time to look for posts and wiki and other sites that answer my question, and the only that i found was in the wiki this:

Use chown www /path/to/dir
and preferably put your app in /opt/app not in an ibay


And in the forums this topic and for that reason i post a quiestion in this topic, hoping that anybody could helpme, but you appear again :

Quote
People can access ibays and edit data there because it's on the internet. Well they aren't able to write data if you have a secure web app but every app that is installed in an ibay can be modified because it's on the internet (we're talking in theory here).
If you install an app in /opt you make a "shortcut" in SME (template) so that people can access this app but it's in fact seperated from the part of the sistem that can be accessed.

Edit: On another reading. I complicated things a little bit but it's hard to explain. Smile

And you didn't read enough posts if you still can't tell the difference because Charlie or Gordon had a long post a while back that explained why you should install apps in opt.

I'm not sure but i think that it was also mentioned in somwhere in wiki.


OK this is a better answer but still not sufficient, and iam not lazzy or stupid like you say in other post, i only looking for a tecnical explication about why i have to use /opt instead /home/e-smith/files/ibays/ibayname , what is the difference? /opt is chrooted?? or what??
thks to everybody  that answer and no to insult to others people.

Offline jjcuk

  • *
  • 90
  • +0/-0
CMS
« Reply #49 on: March 21, 2007, 05:49:22 PM »
Hi lucho115

I think bpivk is trying to explain it as best he can but
try reading this thread by Abe Loveless,
I found it while asking myself the same question's
and found this to be one of the clearer explenations

http://forums.contribs.org/index.php?topic=22307.0

hope it helps

Jim C
Regards
Jim C

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #50 on: March 21, 2007, 06:12:04 PM »
Quote
I think bpivk is trying to explain it as best he can

Yes, and i'm starting to loose my patience with people that crosspost and don't understand plain english.  :x
"It should just work" if it doesn't report it. Thanks!

Offline lucho115

  • ****
  • 209
  • +0/-0
    • http://www.elac.com.ar
CMS
« Reply #51 on: March 21, 2007, 07:23:09 PM »
jjcuk

Thanks, but i had been read it in the past.
Idont know what to do with my sites into ibays, never bring me problems and  nobody can explain what the diference of put a web app into /opt or into an ibay (technically).

bpivk

You loose the patience? ok so dont answer any more a post that you dont know the answer, and you will be happy. I dont want to continue talking about you or me, iam only want a technical (in detail)response to my doubt.
thks

Offline bpivk

  • *
  • 908
  • +0/-0
    • http://www.bezigrad.com
CMS
« Reply #52 on: March 21, 2007, 07:38:42 PM »
Quote
You loose the patience? ok so dont answer any more a post that you dont know the answer,

As i have said. You have your responses in the forum, we have given you a lot of links and i have written you a detailed explanation on this topic.

Now i'm starting to think that you're:
1.) really bad at english and you don't understand what we're trying to tell you or
2.) you just don't want to think and understand what we're trying to tell you
"It should just work" if it doesn't report it. Thanks!

Offline cjensen

  • *
  • 133
  • +0/-0
    • http://acenet-tech.org
CMS
« Reply #53 on: April 24, 2007, 11:33:35 PM »
Quote from: "lucho115"

can explain what the diference of put a web app into /opt or into an ibay (technically).


Security.  If you don't know about the possible security problems with php then read about it.  On SME it has been mentioned many times (esp in recent years) that placing web apps in /opt is much more secure than in an already accessible ibay.  The reason... mostly because many php apps are themselves insecure + many authors/advisors/webadmins tell you to put them on your server and then chmod this or that to 777.  That is VERY insecure.  If you don't understand that then read about permissions and running a server.  If you still don't understand...

Read this page which Charlie Brady posts now and then:

http://www.eyrie.org/~eagle/faqs/questions.html

Craig

Offline lucho115

  • ****
  • 209
  • +0/-0
    • http://www.elac.com.ar
CMS
« Reply #54 on: April 25, 2007, 01:37:33 PM »
Quote
Security. If you don't know about the possible security problems with php then read about it. On SME it has been mentioned many times (esp in recent years) that placing web apps in /opt is much more secure than in an already accessible ibay. The reason... mostly because many php apps are themselves insecure + many authors/advisors/webadmins tell you to put them on your server and then chmod this or that to 777. That is VERY insecure. If you don't understand that then read about permissions and running a server. If you still don't understand...

Read this page which Charlie Brady posts now and then:

http://www.eyrie.org/~eagle/faqs/questions.html


OK, maybe because iam not an english speaker i cannt express correctly what was my doubt. I wana to try to express me better. One and again i repeat, i wana to somebody tell me technicaly the reasons thats make an insecure php code more insecure if it is in an ibay that if it is in /opt(iam not taking about file or directory permisions, thats is for beginers, iam an IT profesional since 9 years working with servers). At first I thought that the /opt directory was chrooted, but It does not, so iam only want to knows what security is implemented in /opt thats not in other common directory.
thanks, an sorry about my english.
bye

Offline cjensen

  • *
  • 133
  • +0/-0
    • http://acenet-tech.org
CMS
« Reply #55 on: April 25, 2007, 03:47:55 PM »
Quote

tell me technicaly the reasons thats make an insecure php code more insecure if it is in an ibay that if it is in /opt(iam not taking about file or directory permisions, thats is for beginers, iam an IT profesional since 9 years working with servers).


Depending on your permissions when you set up the Ibay, you have content accessible to either lan or web, so possibly everyone.  If you then install a php app and are careless about it's setup (or the php scripts themselves) you create possible exploit invitations.  Some php apps save insecure session data (id's, passwords, etc).  Some save database passwords (and some even root mysql passwords... heaven forbid).  Some link configuration files/directories and then suggest them to be chmoded to read-write EVERYONE.  Maybe you already know that.  But the combination of having an Ibay with access to the world and then installing an insecure app (whether php or otherwise) is BAD/INSECURE.

Craig

Offline Rien

  • *
  • 216
  • +0/-0
    • http://www.taurix.nl
CMS
« Reply #56 on: April 26, 2007, 12:55:06 AM »
Hi Craig,

I understand what you say.  I now have all my apps (secure and insecure) in ibays.

I want to move them to /opt.

I understand that I have to use aliases in httpd but I don't know how to do that.

Can I use dungog-proxypass for that purpose? So far I understand it can 'convert' url's to other url's and url's to virtual domains.
Rien
(The Netherlands)......