Tags:
create new tag
view all tags
I need to set up a small site like SourceForge. I've had a look at most of the SourceForge-in-a-can packages, and most are gross overkill for what I need.

What I need:

  • users can add themselves as cvs readers to any project
  • existing cvs writers can give other users write permissions
  • no shell access required
  • no mailing list required

This sounds like a 95% match to the TWiki access control methods.

What I plan to do is:

  • For CVS:
    • Create a chrooted CVS repository for each project.
    • Use SSH tunnelling to provide access to the cvs server.
    • Use an ssh2 DSA key to limit ssh access to only the cvs server.
  • For TWiki:
    • Put TWiki with BasicAuthentication on an Apache server.
    • Use SSL to prevent password sniffing.
    • Create a new TWiki web for each project
    • Create TWiki groups for cvs readers and cvs writers for each project.
  • Write scripts to
    • extract users name and password from .htpasswd
    • extract cvs readers from a "ProjectCvsReadersGroup" page
    • extract cvs writers from a "ProjectCvsWritersGroup" page
    • update the cvs passwd, readers, writers files

Has anyone else done anything like this?

Can anyone see any major security holes in this plan?

-- AndrewDalgleish - 22 Nov 2001

I just read a book that said that Basic Authentication will always send user id and password in plaintext.

They recommended setting up one's own CGI for handling login.

(Reference: Dusting, Rashka, McDiarmid: Quality Web Systems. Addison-Wesley.)

I'm not sure how seriously this advice should be taken, they also say that CGI is slow without even mentioning FastCGI or mod_perl, and while these methodes may still be slow compared to some others, they'd at least have deserved mention.

-- JoachimDurchholz - 23 Nov 2001

Given the forks of the SourceForge code there are many interesting and related ideas. Here are some ideas that I see evolving.

  • TWiki has been packaged for Debian GNU/Linux
  • The Debian fork of SourceForge is one of two strongest development areas outside of VA's efforts. The other one is GNU Savannah.
  • Subversion (the next CVS) is coming closer to completion
  • http://Coopx.eu.org has some design documents on platform independent hosting & moving hosted content

-- GrantBow - 18 Oct 2002

This sounds really interesting. I was researching also what can be used as some kind of the ContentForge for the network on NGO Internet service providers I am working with. Anyone interested in the topics can add it's contact to ContentForge or NgoTWikiSites.

-- ZeljkoBlace - 18 Oct 2002

Twiki-based portal for software development groups - seems like something I am looking for! Could be a killer application for Twiki (or any other wiki which will implement it first). So far I found:

  • display source code: Pdoc (some people liked it - example is on CodevDocumentationProject )
  • viewCVS http://www.viewcvs.org (python - maybe there is perl-based tool like that?)
  • bug tracking - Twiki
  • documentation - Twiki
  • FAQ forums - Twiki

-- PeterMasiar - 29 Aug 2003

WebForm
TopicClassification FeatureBrainstorming
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2003-08-29 - PeterMasiar
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.