Maybe we should use the .php extension for all config files? Even if they aren't PHP sourcefiles? This way their contents could be protected by a line like this on top:
# <?php exit()?>
Anyone wants to supply a patch?
Ok, as I need it, I'll give it a try. I've looked at it. Before going ahead, I would appreciate a review of the work spec proposal:
- minimal effort - only truly sensitive files will be "scriptified".
Okay, makes sense to me
- The sensitive files are in subdir conf: acl.auth and user.auth. They will be renamed to acl.php and user.php.
correct. Or should they be named acl.conf.php and user.conf.php ?
- Distribution versions (.dist) will be provided by renaming the existing ones and inserting the php exit hack.
- The renaming can be propagated in the source code with a 'darcs replace' command.
I never used it, but that should work.
- No changes to the parsing and handling of the files will be required, as the php exit hack is embedded in a script comment.
- Automatic upgrade feature: in the init.php file, a provision will be added to upgrade existing installations automatically. Existing acl.auth and user.auth files will be copied to a php version with the php exit hack.
Sounds good but may have some permission problems if the directory isn't writable and the new files can't be created.
Good news: I have the patch, along the lines discussed earlier. Bad news: it doesn't work :-)
It turns out that lines starting with '#' are *also* comments in php (Grr!). So the php code has to be uncommented - and we have to be careful with the parsing of the files.
I'm pausing for a minute to see what the least messy solution could be. Suggestions welcome.
-- Jan Decaluwe - Resources bvba - http://jandecaluwe.com Losbergenlaan 16, B-3010 Leuven, Belgium Using Python as a hardware description language: http://jandecaluwe.com/Tools/MyHDL/Overview.html -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist