Loading...
 

Tikiwiki-devel (mailman list mirror)


Progress on "File and directory structure revamp" at TikiFestJapan2017

posts: 56

Hi Brendan,

I share the concern. FYI, TRIM backups clearly indicate what they are.


FYI, we have plans for a tool to detect orphan or extra files + check file
integrity.

Let’s progressively clean all this up and plan the breaking stuff after
Tiki18 LTS.

Thanks!


On Wednesday, October 11, 2017, Brendan Ferguson <drsassafras@gmail.com>
wrote:
>>
>> I think I’d prefer the contents to have the random string name if
anything, so something like _backups/20171011-gdlu3684274.gz, but yes,
non-predictable names might help :-)
>
> Ya, that is the idea anyhow. Specifics can be worked out.
>
> Ive thought that tiki should have a control panel that tests if files are
web accessible, and if they are issues a warning. Could even be issued in
the admin panel. I personally prefer NOT having files outside the web root.
I forget about them when I’m upgrading and my backup systems sometimes fail
to do there job properly. Or I just cant figure out what website they are
suppose to be for. I really prefer having everything in one directory, but
of course one has to make sure private files are not accessible.
>
>>
>> jonny
>>
>> On 11 Oct 2017, at 12:53, Brendan Ferguson <drsassafras@gmail.com> wrote:
>>
>>>>
>>>> We’re also thinking of a couple of others, _backup and
_tiki_data_files (i think that’s too ling, Marc like it as it’s explicit)
which ideally should be outside the web root, but often aren’t by default.
Also web writable but definitely should not be web readable (we can add
index.php and .htacccess, but as we know that’s not 100% reliable).
>>>
>>> Another way to achieve a level of isolation is to name it with some
sudo-random code. Like _backup_FJK48509GJ, or _tiki_data_F39BKK309.
>>>
>>> That way there is no way to guess what the directory is. Its easy
enough to for PHP to find these directories but nearly imposable to guess
from a web interface. I know the filename looks ugly, which is the down
side, and it makes the code slightly more complex, which is another down
side.
>>>
>>> Brendan
>>>
>>>>
>>>> Finally we’re hoping to restructure the way multitiki is arranged, so
they would all live in _custom, and so would the default/main/localhost one
like:
>>>>
>>>> _custom/_default/ (could be _main or something?)
>>>> _custom/_default/config/
>>>> _custom/_default/themes/
>>>> _custom/_default/etc
>>>>
>>>> _custom/example.com/
>>>> _custom/example.com/config etc
>>>>
>>>> _custom/other.example.com/
>>>> _custom/other.example.com/config etc
>>>>
>>>>
>>>> More soon (by the way, most of this will be for Tiki 19+ so plenty of
time for more brainstorming! ;)
>>>>
>>>> ジョニー ブラドリー
>>>>
>>>>
>>>>> On 11 Oct 2017, at 01:06, Cloutier, Philippe (DGARI-Consultant) <
Philippe.Cloutier.externe at mern-mffp.gouv.qc.ca> wrote:
>>>>>
>>>>> Hi Brendan,
>>>>> My understanding was that _custom/ would only contain code, and
storage/ would only contain “data” (non-code), which would make them
mutually exclusive. However, if there is a _custom/config/ as the
Brainstorming section suggests, then I’m not sure - good question.
>>>>>
>>>>>> De : Brendan Ferguson mailto:drsassafras@gmail.com
>>>>>> Envoyé : 10 octobre 2017 11:47
>>>>>> À : Tiki developers <tikiwiki-devel@lists.sourceforge.net>
>>>>>> Objet : Re: Tiki-devel Progress on “File and directory structure
revamp” at TikiFestJapan2017
>>>>>>
>>>>>> Wow that is a great initiative!
>>>>>>
>>>>>> It could also lead to the ability to further tighten the rules on
file whitelisting; which would be ideal.
>>>>>>
>>>>>> We should also establish whitelisting rules for the _custom
directory. Im guessing they would likely be the same rules that are found
in the corresponding directories in tiki root.
>>>>>>
>>>>>> I would also like to hear thoughts about how this changes (perhaps)
the concept of the “storage” directory. Should all those files be migrated
into the _custom directory? Where are the boundaries between “storage” and
”_custom”?
>>>>>>
>>>>>> Brendan
>>>>>>
>>>>>>
>>>>>>> On Oct 10, 2017, at 11:13 AM, Marc Laporte <marc@marclaporte.com>
wrote:
>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> Following up on Brendan’s great work to move all the temp stuff in
>>>>>>> temp/, we made a bit more progress on ideas and plans for:
>>>>>>> https://dev.tiki.org/File-and-directory-structure-revamp
>>>>>>>
>>>>>>> The most significant is the creation of a _custom directory:
>>>>>>>
https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/_custom/readme.txt
>>>>>>>
>>>>>>> This is a work in progress. Here is what is not expected to change:
>>>>>>> https://doc.tiki.org/Path-structure
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> --
>>>>>>> Marc Laporte
>>>>>>>
>>>>>>> http://WikiSuite.org
>>>>>>> http://PluginProblems.com
>>>>>>> http://Avan.Tech
>>>>>>>
>>>>>
------------------------------------------------------------------------------
>>>>> Check out the vibrant tech community on one of the world’s most
>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>> ___
>>>>> TikiWiki-devel mailing list
>>>>> TikiWiki-devel at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>>>>
>>>>
>>>>
------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world’s most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> ___
>>>> TikiWiki-devel mailing list
>>>> TikiWiki-devel at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>>>
>>>
>>>
------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world’s most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> ___
>>> TikiWiki-devel mailing list
>>> TikiWiki-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>>
>>
>>
------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world’s most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> TikiWiki-devel mailing list
>> TikiWiki-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>
>
>
------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world’s most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> TikiWiki-devel mailing list
> TikiWiki-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>

--
Marc Laporte

http://WikiSuite.org
http://PluginProblems.com
http://Avan.Tech

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.