Differences between revisions 24 and 25
Revision 24 as of 2017-11-22 09:16:29
Size: 4361
Editor: ?ChristopherHuhn
Comment: Document obsoleteness of obsoleteness remark
Revision 25 as of 2017-11-22 09:17:10
Size: 4365
Editor: ?ChristopherHuhn
Comment: Formatting


["ASCIIGirl"] claims that this wiki is obsolete, but https://alioth.debian.org/projects/webapppolicy/ looks more dead and even less informative.


General ideas from a Web Applications Debian Policy

-- Database

  • Avoid asking for the MySQL root password (for local connections).
    • Possible solution I: mysql-server (>= 4.0.20-8) now features a debian-sys-maint super user (credentials in /etc/mysql/debian.cnf, readable only by root) which can set up MySQL users and databases on behalf of maintainer scripts, so the root password is never needed and never stored.
    • Possible solution II: some sort of ODBC-like registry of available database engines (which is why it's not ODBC) where we have the configuration for each DB server available to the machine. When a package is installed, a list of the available database servers comes up and asks "where do you want this?". If there's only one (as there would be by default if you've installed a local {postgresql,mysql}-server) then the question can be skipped and everyone's happy.
  • Avoid asking for the admin ("postgres") password on PostgreSQL (for local connections).
    • Idea: get the PostgreSQL maintainers to include a mechanism similar to the debian-sys-maint user in MySQL. It's just another entry in /etc/postgresql/pg_hba.conf. (Debian's default pg_hba.conf already uses peer authentication for local connections, so a maintainer script running as root can run psql as the postgres OS user without any password.)
  • If the application uses a DB, it must (offer to) configure it.
  • Disallow default usernames/passwords. If a username/password pair is to be stored on disk, there should be two options: (1) use the default username and a randomly generated password (from /dev/urandom, not from $RANDOM or the time); (2) prompt the user for username and password (twice, of course). In both cases the file holding the credentials must be readable only by root and the web server's group (mode 0640), never world-readable.
  • When purging the application, prompt whether to save or delete the DB.
    • If the user chooses to save (dump?) the DB, is there a standard location where to save the files? Maybe /var/backup? (Debian already uses /var/backups for dpkg and passwd backups, so that would fit.)
  • Never store the DB admin password.
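The points above fit together into a single maintainer-script flow. The following is an added example written for this page, not code from the wiki or from any Debian package: the database half of a postinst/postrm for a hypothetical package called mywebapp. It assumes MySQL >= 5.7.6 or MariaDB >= 10.1.3 (for CREATE/DROP USER IF EXISTS) and the debian-sys-maint account in /etc/mysql/debian.cnf; the database and user names would normally come from db_get, here they come from the DB_NAME and DB_USER environment variables (an assumption for the example).

```shell
#!/bin/sh
# Added example, not code from the page or from any Debian package: the database
# half of a maintainer script for a hypothetical "mywebapp" package, written to the
# points above (no root password, no default credentials, dump before purge, never
# store the admin password). Assumes MySQL >= 5.7.6 or MariaDB >= 10.1.3 (for
# CREATE/DROP USER IF EXISTS) and the debian-sys-maint account in /etc/mysql/debian.cnf.
set -eu

PKG=mywebapp                          # hypothetical package name
DEFAULTS_FILE=/etc/mysql/debian.cnf   # debian-sys-maint credentials, root-readable only
APP_CONF=/etc/$PKG/db.conf            # the application's own credentials, see below

# 32 hex characters from the kernel CSPRNG; od is POSIX, so no extra tools are needed.
gen_password() {
    od -An -tx1 -N 16 /dev/urandom | tr -d ' \n'
}

# Database and user names normally come from debconf answers, i.e. untrusted input:
# accept only [A-Za-z0-9_] and refuse everything else rather than trying to quote it.
valid_ident() {
    case $1 in
        '' | *[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the provisioning SQL. Identifiers are validated and backtick-quoted; the
# password is a string literal with backslashes and single quotes escaped.
provision_sql() {
    db=$1; user=$2; pass=$3
    valid_ident "$db" && valid_ident "$user" || return 1
    esc=$(printf '%s' "$pass" | sed 's/\\/\\\\/g' | sed "s/'/''/g")
    printf 'CREATE DATABASE IF NOT EXISTS `%s`;\n' "$db"
    printf "CREATE USER IF NOT EXISTS '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$esc"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$db" "$user"
    printf 'FLUSH PRIVILEGES;\n'
}

drop_sql() {
    db=$1; user=$2
    valid_ident "$db" && valid_ident "$user" || return 1
    printf 'DROP DATABASE IF EXISTS `%s`;\n' "$db"
    printf "DROP USER IF EXISTS '%s'@'localhost';\n" "$user"
}

# Store only the application's credentials: created under umask 077 so the file is
# never world-readable, then 0640 root:www-data so just the web server group reads it.
write_app_config() {
    conf=$1; db=$2; user=$3; pass=$4
    ( umask 077; printf 'db_name=%s\ndb_user=%s\ndb_pass=%s\n' "$db" "$user" "$pass" > "$conf" )
    if [ "$(id -u)" -eq 0 ] && grep -q '^www-data:' /etc/group; then
        chown root:www-data "$conf"
    fi
    chmod 0640 "$conf"
}

# Purge: dump into Debian's /var/backups (root-only file) before dropping anything.
dump_db() {
    db=$1; dest=/var/backups/$PKG-$db-$(date +%Y%m%d%H%M%S).sql
    ( umask 077; mysqldump --defaults-file="$DEFAULTS_FILE" "$db" > "$dest" )
    echo "$dest"
}

# Maintainer-script entry points (postinst configure / postrm purge). The admin
# password is never seen here: mysql reads debian.cnf itself.
DB=${DB_NAME:-$PKG}; DBUSER=${DB_USER:-$PKG}     # assumed stand-ins for db_get answers
case "${1:-}" in
    configure)
        PASS=$(gen_password)
        provision_sql "$DB" "$DBUSER" "$PASS" | mysql --defaults-file="$DEFAULTS_FILE"
        write_app_config "$APP_CONF" "$DB" "$DBUSER" "$PASS"
        ;;
    purge)
        dump_db "$DB" >/dev/null          # a "keep the data?" debconf answer would gate this
        drop_sql "$DB" "$DBUSER" | mysql --defaults-file="$DEFAULTS_FILE"
        rm -f "$APP_CONF"
        ;;
esac
```

The identifier whitelist is the important part: debconf answers end up inside SQL, and backtick-quoting alone does not protect against a name containing a backtick. Refusing anything outside [A-Za-z0-9_] is simpler and safer than escaping. A real package would split this into postinst and postrm and would also honour the "save or delete the DB?" answer before calling dump_db.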

-- Webserver

  • Be able to manage multiple sites with one installation (if the application supports it). This is not easy to do automatically.
    • Examples of how this can actually be implemented in existing webapps
      • drupal: TODO
  • Use vhosts or subdirectories?
  • Avoid asking which Apache the user is running.
    • Problem: I might have apache1 and apache2 installed side by side for specific purposes. The postinst will have to ask me for which server I want the webapp to be installed.
    • If only one Apache flavour is installed on a given machine, the script should skip the question.
  • Web apps should not depend on apache, but on the httpd virtual package.
    • ... but automatic setup for other web servers should not be mandatory.
  • Ask the Apache people if they have any idea about something to manage all their variant web servers, so every package could be run on every Apache.

-- Filesystem layout

  • Separate static from dynamic data as with regular applications (don't just dump everything somewhere under /var/www/!). Package-owned code belongs under /usr/share/<package>, configuration under /etc/<package>, and anything the web server must write under /var/lib/<package> (state) or /var/cache/<package> (regenerable data), none of which should be inside the served directory.
  • FHS-compliant layout for sites, with examples of how to separate the config from the rest of the site, and of what constitutes something that ought to be in /var/cache vs. /var/lib.
  • /web/mywebapp.example.com --> just gets served from http://mywebapp.example.com
    • /web is not specified in the FHS.
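The two sections above (pick the web server without asking when there is only one; keep code, config and writable data apart) can be covered by one postinst helper. This is an added example written for this page, not code from the wiki or from any Debian package, for the same hypothetical mywebapp package. It assumes Apache 2.4 on Debian with its conf-available/ directory and a2enconf; the root-prefix argument exists so the functions can be exercised against a scratch directory rather than the live system.

```shell
#!/bin/sh
# Added example, not code from the page or from any Debian package: a postinst
# helper for a hypothetical "mywebapp" package that picks the installed web server
# without asking when the choice is unambiguous, and lays the site out FHS-style.
# Assumes Apache 2.4's conf-available/ + a2enconf mechanism on Debian.
set -eu

PKG=mywebapp

# List installed web servers by their configuration directories under $1
# (a root prefix, empty for the live system), one per line.
detect_webservers() {
    root=${1:-}
    for ws in apache2 lighttpd nginx; do
        [ -d "$root/etc/$ws" ] && printf '%s\n' "$ws"
    done
    return 0
}

# Exactly one server installed: use it, no question. None: nothing to do.
# Several: use the debconf answer ($2); "ask" means the postinst must prompt.
choose_webserver() {
    root=$1; answer=${2:-}
    set -- $(detect_webservers "$root")
    case $# in
        0) echo none ;;
        1) echo "$1" ;;
        *) echo "${answer:-ask}" ;;
    esac
}

# FHS layout: package-owned code, root-owned config readable by the server
# group, and the writable trees outside the served directory.
make_layout() {
    root=${1:-}
    install -d -m 0755 "$root/usr/share/$PKG/www"    # static code, read-only
    install -d -m 0750 "$root/etc/$PKG"              # config, root:www-data
    install -d -m 0750 "$root/var/lib/$PKG"          # persistent state
    install -d -m 0750 "$root/var/cache/$PKG"        # regenerable data
    if [ "$(id -u)" -eq 0 ] && grep -q '^www-data:' /etc/group; then
        chown root:www-data "$root/etc/$PKG"
        chown www-data:www-data "$root/var/lib/$PKG" "$root/var/cache/$PKG"
    fi
}

# Apache fragment: serve /usr/share/$PKG/www under /$PKG. If any vhost ever
# points a DocumentRoot or Alias into the state tree, the second block still
# refuses to serve it (Directory sections match the filesystem path).
apache_conf() {
    cat <<EOF
# Generated by $PKG postinst; local changes go in /etc/$PKG/
Alias /$PKG /usr/share/$PKG/www
<Directory /usr/share/$PKG/www>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/lib/$PKG>
    Require all denied
</Directory>
EOF
}

install_webserver_conf() {
    root=${1:-}; ws=$2
    case $ws in
        apache2)
            apache_conf > "$root/etc/apache2/conf-available/$PKG.conf"
            # Only touch the running server when operating on the live system.
            [ -z "$root" ] && a2enconf -q "$PKG" && invoke-rc.d apache2 reload
            ;;
        none|ask) ;;      # nothing installed / debconf question still pending
        *) echo "no automatic setup for $ws, see /usr/share/doc/$PKG/" >&2 ;;
    esac
    return 0
}
```

Detection by configuration directory rather than by dpkg -s keeps the helper usable in a chroot and means a locally built Apache is found too; a package that wanted to be stricter would check the httpd virtual package's providers instead.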

-- PHP

  • PHP ought to have a php.d directory. (Debian's PHP packages now provide one per SAPI under /etc/php/<version>/<sapi>/conf.d/.)
    • Possible solution: you can put PHP configuration into Apache configuration files (php_value / php_admin_value directives). This only works if PHP scripts are run using mod_php, which usually means that all webapps run as the Apache user. (Bad idea, security-wise: a compromise of one application then gives read access to every other application's configuration and database credentials.)
  • PHP PEAR packaging should have a policy (http://www.madism.org/debian.pear.php)

-- Security

  • Separate core code from site-related code.
  • Separate users if possible (hard to do with PHP under mod_php, where every application runs as www-data; PHP-FPM pools or suexec/CGI allow one system user per application).
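What "separate users" looks like for the PHP case above: an added example written for this page, not code from the wiki or from any Debian package, giving the hypothetical mywebapp package its own system account and PHP-FPM pool instead of running under mod_php as www-data. It assumes Debian's php-fpm layout (/etc/php/<version>/fpm/pool.d/, version 7.0 taken as the default here), Apache 2.4 with mod_proxy_fcgi, and the /usr/share, /etc, /var/lib and /var/cache trees described in the layout section.

```shell
#!/bin/sh
# Added example, not code from the page or from any Debian package: give a
# hypothetical "mywebapp" its own system user and PHP-FPM pool instead of running
# it as the Apache user under mod_php, so a compromise of one application cannot
# read another's configuration or database credentials. Assumes Debian's php-fpm
# (pool directory /etc/php/<ver>/fpm/pool.d/) and Apache 2.4 with mod_proxy_fcgi.
set -eu

PKG=mywebapp
PHPVER=${PHPVER:-7.0}          # assumed version; Debian ships one directory per version
APPUSER=www-$PKG               # dedicated, unprivileged system account
SOCK=/run/php/$PKG-fpm.sock

# Create the account once: no shell, no password, home in the state directory.
ensure_app_user() {
    getent passwd "$APPUSER" >/dev/null 2>&1 && return 0
    adduser --system --group --quiet --home "/var/lib/$PKG" --no-create-home "$APPUSER"
}

# PHP-FPM pool: runs as $APPUSER, listens on a socket only the web server's
# group may connect to, and is confined to the application's own trees.
fpm_pool_conf() {
    cat <<EOF
[$PKG]
user = $APPUSER
group = $APPUSER
listen = $SOCK
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 8
pm.process_idle_timeout = 10s
chdir = /usr/share/$PKG/www
php_admin_value[open_basedir] = /usr/share/$PKG:/etc/$PKG:/var/lib/$PKG:/var/cache/$PKG:/tmp
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen
php_admin_flag[allow_url_include] = off
EOF
}

# Apache side: hand *.php under the application's tree to that pool.
apache_php_conf() {
    cat <<EOF
<Directory /usr/share/$PKG/www>
    <FilesMatch "\.php\$">
        SetHandler "proxy:unix:$SOCK|fcgi://localhost/"
    </FilesMatch>
</Directory>
EOF
}

# Ownership that makes the separation real: code stays root-owned and read-only,
# config is readable by the application user only, state is writable by it.
fix_ownership() {
    root=${1:-}
    [ "$(id -u)" -eq 0 ] || return 0          # needs root on a live system
    chown -R root:root "$root/usr/share/$PKG"
    chown root:"$APPUSER" "$root/etc/$PKG"; chmod 0750 "$root/etc/$PKG"
    chown -R "$APPUSER:$APPUSER" "$root/var/lib/$PKG" "$root/var/cache/$PKG"
}

# Write both fragments under the root prefix $1 (empty for the live system).
install_pool() {
    root=${1:-}
    fpm_pool_conf > "$root/etc/php/$PHPVER/fpm/pool.d/$PKG.conf"
    apache_php_conf > "$root/etc/apache2/conf-available/$PKG-php.conf"
    # Live system: a2enmod proxy_fcgi; a2enconf $PKG-php;
    # invoke-rc.d php$PHPVER-fpm reload; invoke-rc.d apache2 reload
}
```

With this layout the database credentials file from the Database section would be owned root:www-mywebapp rather than root:www-data, because only this application's pool needs to read it. open_basedir and disable_functions are defence in depth, not a sandbox; the real boundary is the separate UID.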

-- Misc (WishList)

  • Get a list of the different installed web servers, and decide how to select which ones to target for installation. If there is only one, use it as the default; if not, prompt the user.
    • Possible solution: a www-resource registry that holds all our local/remote DBMS resources and web servers.
    • (same for databases) --> but note that not all applications are compatible with all the DBs.
  • Debhelper macros for as much as possible.
  • Suggest database-server as a new virtual package.
