
List:       quanta
Subject:    Re: [Quanta] Kommander news and fund raising
From:       Andrew Lowe <andrew.lowe () manildra ! com ! au>
Date:       2008-02-27 3:05:56
Message-ID: 200802271405.56747.andrew.lowe () manildra ! com ! au

On Wed, 27 Feb 2008 11:58:37 Eric Laffoon wrote:
> You know, actually I'm thinking really only of using this for download, but
> doing 10 things at once. 
Ok, if it is only for getting the local project in sync with the server (one way - 
never upload) then there should be no real problem - you do not need to 
introduce any special server permissions - the web server just needs read 
permission for the files, which it needs to serve and interpret them anyway.

> Actually any form submission on a server is a 
> means of exploit, and there was a lot of it going around. I think much has
> been patched, but it's impossible to do it all. I picked up some PHP
> functions and tweaked them years ago just for this to "remove evil tags".
>
> // Strip every tag except $allowedTags, then drop style/class attributes
> // from the tags that survive.
> function removeEvilTags($source, $allowedTags = "")
>  {
>     $source = strip_tags($source, $allowedTags);
>     // preg_replace_callback replaces the /e (eval) modifier, which PHP 7 removed.
>     return preg_replace_callback('/<(.*?)>/',
>         function ($m) { return '<' . removeEvilAttributes($m[1]) . '>'; },
>         $source);
>  }
> function removeEvilAttributes($tagSource)
>  {
>         // Remove style="..." and class="..." attributes (case-insensitive).
>         // stripslashes() is no longer needed: it only undid the quoting
>         // that the old /e modifier applied to the backreference.
>         $stripAttrib = "' (style|class)=\"(.*?)\"'i";
>         return preg_replace($stripAttrib, '', $tagSource);
>  }
>  These are to strip out tags put in submission forms.

I have my own too... mainly in send us an email forms - they got hit up badly 
with exploits... injecting newlines into headers, creating long lists of 
email addresses to bcc to ... it hurt us a little - but was discovered 
quickly.

> Sure, and it's more secure just to download, which was my primary purpose,
> as Quanta already has upload facilities. However I'm not sure how many
> servers are set up like this. Actually I haven't used anything like this
> for a while so for all I know it's the default, but as I said my primary
> purpose was to augment the fact that Quanta doesn't synchronize. However
> cleaning cruft could be a point of contention as it obviously needs write
> abilities.
Yep... looks like for sync with server you would need to just read - cruft 
would have to be manually removed from the server, otherwise write 
permissions would be needed.
The synchronize dialog could have the ability to ignore files, this would help 
not downloading stuff over and over - especially useful if you have a large 
amount of data on the server you do not want locally for development.

> Actually we set up SVN on a test server because Andras swore it was easy.
> Of course easy is a relative term not wise to use in the same sentence with
> "Andras" because within a few minutes of first looking at PHP he could
> already do things I had trouble sorting out. ;-)
SVN is not too bad - takes some learning, but saves us so much time here - 
even when we only had one developer (me) I found it very useful, but now we 
have a couple of devs, it is almost essential.

Andras is a C++ legend - so I am not surprised PHP is easy for him to 
learn :-)

>
> It seems to be a universal frustration that there is no certain way to
> ensure compatibility of any program interaction with a server.
>
I especially hate doing things on "hosted" server - often shared servers where 
there are extreme limitations....

> > running in BASH:
> > # note the ';' before 'then' and the quoted variables - without them the
> > # shell passes 'then' to rsync and chokes on the 'else'
> > if ! rsync -q -a --delete -e "ssh -q -i myssh.key" "${PROJECT_FOLDER}" \
> >      "${USERNAME}@${SERVER}:${PROJECT_PATH}"; then
> > 	echo 'backup failed'
> > else
> > 	echo 'backup worked'
> > fi
> >
> > seems to work for me - getting variables would be one of the harder parts
> > - I think you can specify the password on the command line - but for my
> > backup jobs I use keys stored in a file. (oh and watch the --delete !)
>
> I'll take a look at this, however it would be easy enough using ssh to list
> and compare, even to use a timer and alert of changes. The paradox of a
> handy program is if you want to do other things not consistent with its
> interface it proves to be handy in less places. ;-)
>

with the rsync command above, drop the -q (quiet mode) and add -n (dry-run) 
and you should get a listing of what needs to be transferred... then you can 
use the output to set your ignore files/folders...
I use ssh as my I/O, but you can use quite a bit more - including mounting 
the structure (perhaps KIO would work) and running rsync as if local...

Anyway... just some ideas


-- 
Andrew Lowe
    System Administrator & Programmer
        Information Technology
            Manildra Group

Email:   andrew.lowe@manildra.com.au
Phone:   02 4423 8270
Mobile:  04 1323 8270
Fax:     02 4421 7760 
_______________________________________________
Quanta mailing list
Quanta@mail.kde.org
https://mail.kde.org/mailman/listinfo/quanta
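The "send us an email" forms mentioned above were hit by newline injection into mail headers, the trick that turns one Subject or From field into extra Bcc recipients. The following is an added example, not code from this thread or from Quanta, showing the checks a form handler should apply before any submitted field becomes a header: reject line breaks, accept only a single plain address, and keep the real recipient fixed server-side. The function names, the two sample submissions and the site address are constructed for the example.

```python
import re
from email.message import EmailMessage

# A raw CR or LF in a one-line header field is what lets a second header in.
LINE_BREAK_RE = re.compile(r'[\r\n]')
# One plain address only: separators are excluded so "a@x.com, b@y.com" cannot pass.
SINGLE_ADDRESS_RE = re.compile(r'^[^\s@,;<>"]+@[^\s@,;<>"]+\.[A-Za-z]{2,}$')
# Header names that typically follow an injected line break (used for logging/detection).
INJECTED_HEADER_RE = re.compile(r'(?im)^(bcc|cc|to|content-type|mime-version)\s*:')

class HeaderInjection(ValueError):
    """Raised when a form field cannot safely become a single mail header."""

def single_line(field, value):
    """Accept a value only if it stays on one line."""
    if LINE_BREAK_RE.search(value):
        raise HeaderInjection(f"{field}: line break in header value")
    return value.strip()

def single_address(field, value):
    """Accept exactly one plain address (no lists, no display names, no line breaks)."""
    value = single_line(field, value)
    if not SINGLE_ADDRESS_RE.match(value):
        raise HeaderInjection(f"{field}: not a single plain address")
    return value

def looks_injected(value):
    """Detection helper: does the field carry a smuggled header behind a line break?"""
    return bool(LINE_BREAK_RE.search(value) and INJECTED_HEADER_RE.search(value))

def build_contact_mail(form, site_address):
    """Build the message; the recipient comes from configuration, never from the form."""
    msg = EmailMessage()
    msg['To'] = site_address
    msg['Reply-To'] = single_address('email', form['email'])
    msg['Subject'] = single_line('subject', form['subject'])
    msg.set_content(form['message'])   # the body may hold newlines; it is not a header
    return msg

# Constructed sample submissions: one honest, one carrying the classic Bcc smuggling.
HONEST = {'email': 'jane@example.com', 'subject': 'Hello', 'message': 'Hi there'}
ATTACK = {'email': 'jane@example.com',
          'subject': 'Hello\r\nBcc: a@example.net, b@example.net, c@example.net',
          'message': 'spam'}
```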