[Koha-devel] writing a file on server from staff interface
Galen Charlton
gmc at esilibrary.com
Tue Sep 24 21:41:50 CEST 2013
Hi,
On Tue, Sep 24, 2013 at 12:31 PM, Mathieu Saby <mathieu.saby at univ-rennes2.fr
> wrote:
> 1- how to put the file in /etc/ of installation directory (in discussion)
> 2- how to allow the perl script (from staff interface) to write or rewrite
> the yaml configuration file if a librarian decides to change some settings.
>
> If I do nothing special, YAML::DumpFile fails to (re)write the file,
> because - I suppose - the apache user does not have rights to access the
> server.
> So, for the moment, the only way I found to make my config file editable
> is "chmod 666".
> But I suppose it is not very safe...
>
It is indeed not very safe -- this is actually one of the (implicit)
reasons why I was suggesting that the configuration be stored in the
database. If nothing else, the output of YAML::DumpFile could be stored in
a syspref; while this would likely not be best possible design, it is much
better IMO to do that than open a potential security hole by having Koha
write to the filesystem -- /especialy/ a configuration file.
Regards,
Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: gmc at esilibrary.com
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130924/5c4245bb/attachment.html>
More information about the Koha-devel
mailing list