Koozali.org: home of the SME Server

SQL Ledger How To and ibay security

timn
« on: May 22, 2006, 02:09:24 PM »
Hi
I have installed sql-ledger using the excellent HowTO http://no.longer.valid/phpwiki/index.php/How%20to%20install%20SQL-Ledger%20on%20SME%207.0 and all worked great.

However I noticed that I could access sql-ledger from the web irrespective of the ibay security setting in server-manager. The custom template seems to me to override the ibay settings in httpd.conf. Based on the info in http://www.sql-ledger.org/cgi-bin/nav.pl?page=misc/faq.html&title=FAQ under the section entitled 'The requested URL /sql-ledger/admin.pl was not found' I have modified my 95sql-ledger template to just read

<Directory /home/e-smith/files/ibays/sql-ledger/html>
AddHandler cgi-script .pl
Options ExecCGI Includes FollowSymlinks
</Directory>

<Directory /home/e-smith/files/ibays/sql-ledger/html/users>
Order Deny,Allow
Deny from All
</Directory>

Now I can control access as per the normal ibay settings and everything appears to work fine.

Is this right? I am new to SME Server and Linux so would appreciate feedback if I have got this wrong.

Tim

cactus
« Reply #1 on: May 22, 2006, 03:09:27 PM »
The advice is not to install web applications in an ibay, but create a separate directory in the /opt directory for the application and make a template in the /etc/e-smith/templates-custom/httpd/conf/httpd.conf directory to make it available to the webserver.

If you wish to have authentication you can use Apache's mod_auth library and external password verification using the pwauth script.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

timn
« Reply #2 on: May 22, 2006, 03:25:09 PM »
OK, point taken - I have seen reference to this elsewhere.

However the How To specifically describes installing sql-ledger in an ibay. The point of my post was thus to highlight that the HowTo appeared to break the normal ibay security, and I was raising this together with how I think I have fixed it - and that maybe the HowTo needed changing to reflect this.

If we stick with 'don't install in an ibay', then the HowTo needs changing for this anyway - and I am not sufficiently conversant with Apache yet to be able to get the custom template right.

Anyway I have installed in ibay, modified template and it seems to work. Apart from the fact I shouldn't have installed in an ibay, is my modification correct?

Tim

cactus
« Reply #3 on: May 24, 2006, 12:16:07 PM »
Quote from: "timn"
Anyway I have installed in ibay, modified template and it seems to work. Apart from the fact I shouldn't have installed in an ibay, is my modification correct?

Tim
It seems all right to me as long as you have specified that your access is global and without a password for everyone, otherwise information is missing in the configuration directive.

cactus
« Reply #4 on: May 24, 2006, 12:23:11 PM »
Quote from: "timn"
However the How To specifically describes installing sql-ledger in an ibay. The point of my post was thus to highlight that the HowTo appeared to break the normal ibay security, and I was raising this together with how I think I have fixed it - and that maybe the HowTo needed changing to reflect this.

If we stick with 'don't install in an ibay', then the HowTo needs changing for this anyway - and I am not sufficiently conversant with Apache yet to be able to get the custom template right.


Bug 1491 filed.

timn
« Reply #5 on: May 24, 2006, 12:52:11 PM »
Quote from: "cactus"
It seems all right to me as long as you have specified that your access is global and without a password for everyone, otherwise information is missing in the configuration directive.


Not exactly sure what you mean - I am still trying to learn all this being a newbie.

I have set ibay security to allow internet access but with passwords outside of local network, and with dynamic content enabled. httpd.conf contains

#------------------------------------------------------------
# sql-ledger ibay directories (SQL Ledger Accounting)
#------------------------------------------------------------

<Directory /home/e-smith/files/ibays/sql-ledger/html>
    Options None
    Options +Indexes
    Options +Includes
    AllowOverride None
    order deny,allow
    deny from all
    allow from 127.0.0.1 192.168.1.0/255.255.255.0
    AuthName "SQL Ledger Accounting"
    AuthType Basic
    AuthExternal pwauth
    require user sql-ledger
    Satisfy any
</Directory>

<Directory /home/e-smith/files/ibays/sql-ledger/cgi-bin>
    Options ExecCGI
    AllowOverride None
    order deny,allow
    deny from all
    allow from 127.0.0.1 192.168.1.0/255.255.255.0
    AuthName "SQL Ledger Accounting"
    AuthType Basic
    AuthExternal pwauth
    require user sql-ledger
    Satisfy any
</Directory>

<Directory /home/e-smith/files/ibays/sql-ledger/files>
    AllowOverride None
    order deny,allow
    deny from all
    allow from 127.0.0.1 192.168.1.0/255.255.255.0
    AuthName "SQL Ledger Accounting"
    AuthType Basic
    AuthExternal pwauth
    require user sql-ledger
    Satisfy any
</Directory>

inserted by server manager configuration, and then the 95sql-ledger custom template fragment appears inserted lower down

tim
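
The last post describes the expanded httpd.conf as server-manager's ibay blocks with the 95sql-ledger fragment inserted lower down. As an added example (not from the thread or the HowTo), this Python check flags any path where a later Directory block re-declares access directives that an earlier block already set; the OPEN fragment is hypothetical, the sample config is constructed from the posts, and only exact-path repeats are compared.

```python
import re

# Apache 2.0/2.2 directives that decide who may reach a directory
ACCESS = {"order", "allow", "deny", "satisfy", "require", "authtype"}

def directory_blocks(conf):
    """Yield (path, directive_lines) for each <Directory> block, in file order."""
    path, body = None, []
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            path, body = opened.group(1).rstrip("/"), []
        elif line.lower().startswith("</directory"):
            if path:
                yield path, body
            path = None
        elif path and line and not line.startswith("#"):
            body.append(line)

def access_overrides(conf):
    """Map path -> access directives that later blocks re-declare for that path."""
    blocks = {}
    for path, body in directory_blocks(conf):
        acl = [d for d in body if d.split()[0].lower() in ACCESS]
        if acl:
            blocks.setdefault(path, []).append(acl)
    return {p: sum(b[1:], []) for p, b in blocks.items() if len(b) > 1}

HTML = "/home/e-smith/files/ibays/sql-ledger/html"
# Constructed input: server-manager's ibay block, trimmed from the thread
IBAY = f"""<Directory {HTML}>
    order deny,allow
    deny from all
    allow from 127.0.0.1 192.168.1.0/255.255.255.0
    require user sql-ledger
    Satisfy any
</Directory>
"""
# The reduced 95sql-ledger fragment from the first post
FIXED = f"""<Directory {HTML}>
AddHandler cgi-script .pl
Options ExecCGI Includes FollowSymlinks
</Directory>
<Directory {HTML}/users>
Order Deny,Allow
Deny from All
</Directory>"""
# Hypothetical fragment that re-declares access (not the HowTo's actual text)
OPEN = f"<Directory {HTML}>\nOrder allow,deny\nAllow from all\n</Directory>"
print(access_overrides(IBAY + FIXED), access_overrides(IBAY + OPEN))
```

To check a live server, pass the text of the expanded httpd.conf to access_overrides(); an empty result means no later block repeats access directives for a path an earlier block already guards.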