[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debconf web frontend

Mourad De Clerck wrote:
> Now, as far as i can tell the current "web" frontend has a couple of 
> limitations.

The biggest limitation is that it is completly insecure. There is no
authentication. Everything is cleartext.

The second biggest limitation is that it is well, the world's crummiest
256 line web server. In particular, it can serve one request at a time,
and if you so much as reload the page, you will mess up its internal

It's a proof of concept hack -- "hey look, debconf can be shoehorned
into the web" -- not production code. To make it really usable as a
production server, it should probably be changed to use a real web
server, or at least a dedicated process, to serve web requests, with
some kind of communication between there and debconf. It should also be
changed to use SSL and some form of real authentication.

> Another unrelated question: we also need to be able to backup the 
> configuration files easily (just backup etc, basically). Now I thought I 
> didn't have to backup the debconf db in /var, is this still true?

Depends on if you're using debconf 0.9 -- if so, the db is in
/var/cache, and a number of interesting refinements ar epossible..

see shy jo

Reply to: