[freeside] Billing and other questions

ivan ivan at 420.am
Tue Jun 6 00:06:28 PDT 2000


On Tue, Jun 06, 2000 at 07:10:10PM +1200, Gordon Smith wrote:
> With suexec, I was meaning that suexec must remain in the document root
> by default (bottom of the suexec page)  :-)
> 
> I can sympathise with people trying to get mod_perl working now, having
> just built apache with mod_perl, mod_ssl, php4 and (ick!) frontpage.
> 
> For others contemplating doing this, you MUST sacrifice a small goat
> during compilation. Or it won't work.
> 
> As an aside, is there any reason not to use php for reporting out of
> freeside?

I can't think of any.

> 
> Cheers,
> Gordon
> 
> 
> 
> ivan wrote:
> > 
> > On Tue, Jun 06, 2000 at 06:28:10PM +1200, Gordon Smith wrote:
> > > Thanks Ivan. This setup is an interim measure, since they are a small
> > > ISP with no money  :-)
> > >
> > > I'll have a look at the perl stuff - I'm still learning perl at the
> > > moment...
> > >
> > > I do have another suggestion, that you probably won't agree with.
> > 
> > Hehe, yep, you're right.
> > 
> > > That's having the option of running freeside as the nobody user, rather
> > > than using wrappers for the CGI scripts.
> > 
> > Nope.  This would, in effect, mean that the nobody user would have full
> > access to your customer database, and (if exporting is set up) root access
> > to other machines.  Since the nobody user is the default for "unsafe"
> > daemons etc., this is a really bad idea (despite the fact that your
> > Freeside machine should be secured).
> > 
> > > If used with ssl and .htaccess,
> > 
> > Umm, you should be using SSL and .htaccess (or one of the database
> > equivalents) *regardless*.
> > 
> > > it would still be quite secure. The problem with suexec is that the CGI
> > > scripts must reside in the root web, not in sub-folders, although this
> > > can be changed by hacking the source for suexec.
> > 
> > Umm, I don't understand your terminology here.  What's a `root web'?
> > What's a `sub-folder'?  If I read them as `DocumentRoot' and
> > `subdirectory' your statement is false, and if you are hacking suEXEC
> > you're likely to break any security you've gained by using it.  See the
> > warnings at <http://www.apache.org/docs/suexec.html>.
> > 
> > suEXEC is a sub-optimal solution in the long run, anyway.  Like setuid
> > execution, it's only supported because of the problems people have getting
> > mod_perl running.
> >

-- 
meow
_ivan


