|
|
|
|
|
|
| 1 |
File: libdata_install.txt |
File: libdata_install.txt |
| 2 |
Title: LibData Installation |
Title: LibData Installation |
| 3 |
Author: Paul F. Bramscher brams006@umn.edu |
Author: Paul F. Bramscher brams006@umn.edu |
| 4 |
Date: November 21, 2003 |
Date: March 16, 2004 |
| 5 |
|
|
| 6 |
|
|
| 7 |
============================================================================== |
============================================================================== |
| 44 |
other in an SSL location (refer to installation steps |
other in an SSL location (refer to installation steps |
| 45 |
below). |
below). |
| 46 |
|
|
| 47 |
Database mySQL. Note that LibData was initially developed on a |
Database mySQL 3.x. Note that LibData was initially developed on a |
| 48 |
version of mySQL without support for transactions, and this |
version of mySQL without support for transactions, and this |
| 49 |
substantially affects the atomicity of the SQL code (lacking |
substantially affects the atomicity of the SQL code (lacking |
| 50 |
the rollback feature). Future versions of LibData will most |
the rollback feature). Other sites have reported successful |
| 51 |
likely be written with transactions in mind, and much more |
installation of LibData on mySQL versions 4.x, with minor |
| 52 |
optimized SQL. |
modifications to the Perl install script. Also note that |
| 53 |
|
the mySQL password() function may create different hashes |
| 54 |
|
between mySQL versions 3.x and 4.x, so migrating a fully |
| 55 |
|
populated production back-end of LibData from one version to |
| 56 |
|
another may require resetting (effectively rehashing) user |
| 57 |
|
passwords. LibData has not been developed for 4.x at this |
| 58 |
|
stage, so additional modification may be necessary. |
| 59 |
|
|
| 60 |
Programming Language Written exclusively in PHP. Coding is structured/function |
Programming Language Written exclusively in PHP. Coding is structured/function |
| 61 |
based for simplicity, using PHP object encapsulation only for |
based for simplicity, using PHP object encapsulation only for |
| 144 |
(try /etc/httpd/conf.d/php.conf with a default Red Hat 9 install). |
(try /etc/httpd/conf.d/php.conf with a default Red Hat 9 install). |
| 145 |
(B) "register_globals = On" should be set in your php.ini file |
(B) "register_globals = On" should be set in your php.ini file |
| 146 |
(try /etc/php.ini with a default Red Hat 9 install). |
(try /etc/php.ini with a default Red Hat 9 install). |
| 147 |
|
|
| 148 |
|
|
| 149 |
|
*** Note that future versions of LibData may be written without this |
| 150 |
|
required setting, but that LibData's security mechanism is not |
| 151 |
|
compromised by setting this ON. The security technique involves storing |
| 152 |
|
a session ID in a client side cookie which must match a server stored |
| 153 |
|
session ID. Every page and every HTML form submission requires |
| 154 |
|
re-checking that the client and server session ID's match. Assuming |
| 155 |
|
they match, an access level is pulled from the server and applied only |
| 156 |
|
to the current page. This constant re-checking, and storing the actual |
| 157 |
|
access level on the server side, makes LibData among the more secure web |
| 158 |
|
mechanisms available. Also, unlike built-in PHP session capability, |
| 159 |
|
LibData sessions are tied to the IP address. So passing a hacked cookie |
| 160 |
|
or GET/POST method -- even with a valid session ID -- would fail unless |
| 161 |
|
it was done from the correct IP address. |
| 162 |
|
|
| 163 |
(C) Also in the php.ini file, make sure that "magic_quotes_gpc = Off". |
(C) Also in the php.ini file, make sure that "magic_quotes_gpc = Off". |
| 164 |
gpc stands for get/post/cookie, and turning quote escaping on will |
gpc stands for get/post/cookie, and turning quote escaping on will |
| 165 |
create problems for interaction at various layers between HTML, |
create problems for interaction at various layers between HTML, |
| 178 |
------------------------------------------- |
------------------------------------------- |
| 179 |
(1) Build the Public LibData html directory |
(1) Build the Public LibData html directory |
| 180 |
------------------------------------------- |
------------------------------------------- |
| 181 |
LibData comes as two tar.gz files. One is named libdata_pos10.tar.gz. This tar |
LibData comes as two tar.gz files. One is named libdata_pos.tar.gz. This tar |
| 182 |
contains all of the public HTML and PHP code. The "p" in this package refers to |
contains all of the public HTML and PHP code. The "p" in this package refers to |
| 183 |
the "public" side of LibData. Extracting the tar will produce a libdata_pos |
the "public" side of LibData. Extracting the tar will produce a libdata_pos |
| 184 |
directory which should be moved to a web-servable location on an Apache instance. |
directory which should be moved to a web-servable location on an Apache instance. |
| 202 |
--------------------------------------------------- |
--------------------------------------------------- |
| 203 |
(2) Build the Administration LibData html directory |
(2) Build the Administration LibData html directory |
| 204 |
--------------------------------------------------- |
--------------------------------------------------- |
| 205 |
The administration/staff modules are contained in libdata_aos10.tar.gz. The "a" in |
The administration/staff modules are contained in libdata_aos.tar.gz. The "a" in |
| 206 |
this package refers to the "administrative" side of LibData. Extracting the tar will |
this package refers to the "administrative" side of LibData. Extracting the tar will |
| 207 |
produce a libdata_aos directory which should be moved to a web-servable location on |
produce a libdata_aos directory which should be moved to a web-servable location on |
| 208 |
an Apache instance as with the previous step -- but it is HIGHLY recommended that this |
an Apache instance as with the previous step -- but it is HIGHLY recommended that this |
| 244 |
clean install of the databases, a base data set, and mysql users. |
clean install of the databases, a base data set, and mysql users. |
| 245 |
****************************************************************************** |
****************************************************************************** |
| 246 |
|
|
| 247 |
Refer to the install directory in the libdata administrative directory. |
*** Also note that the install script works only with mySQL 3.x. mySQL 4.x has |
| 248 |
|
additional fields in the mysql.user table and so the install script may need |
| 249 |
|
minor tweaking. At any rate, mySQL user rights should be managed very carefully |
| 250 |
|
and this script is not meant to provide a definitive solution from a security |
| 251 |
|
standpoint. Essentially the mySQL user named "libdata" must have, at a minimum, |
| 252 |
|
select, insert, update, and delete capability for the libdata and libstats databases. |
| 253 |
|
The mySQL user "libsession" must have select, insert, update, and delete rights |
| 254 |
|
to the libsession database. Refer also to the next section (#5) in this document. |
| 255 |
|
|
| 256 |
|
To run the install script (mySQL 3.x) go to the install directory in the libdata |
| 257 |
|
administrative directory. |
| 258 |
|
|
| 259 |
Run the script named libload.pl, and follow the instructions given. The script |
Run the script named libload.pl, and follow the instructions given. The script |
| 260 |
must be run on the server hosting the mySQL daemon, and the mySQL root account is |
must be run on the server hosting the mySQL daemon, and the mySQL root account is |
| 482 |
and SELECT and INSERT rights to the libstats database. There are several |
and SELECT and INSERT rights to the libstats database. There are several |
| 483 |
strategies to fine-tune security, some of them are related uniquely to your |
strategies to fine-tune security, some of them are related uniquely to your |
| 484 |
institution and levels of paranoia. |
institution and levels of paranoia. |
| 485 |
|
(2) The LibData db_connect.php file, independently in both the administrative |
| 486 |
|
and public halves of LibData contains a function named mysql_tryquery(). This |
| 487 |
|
is a light wrapper around the built-in mysql_query() function. Note that there |
| 488 |
|
is a variable for debug mode ($db_debug). Setting this to 1 (true) will cause |
| 489 |
|
all SQL queries which fail to be output to the screen. This is not recommended |
| 490 |
|
for production or public side LibData. However, it can be used in conjunction |
| 491 |
|
with a mail() type function to the mail the failed query, mySQL error message, |
| 492 |
|
and date/time transparently to the system administrator. This functionality is |
| 493 |
|
not supplied (and requires a functioning SMTP gateway). However, the programming |
| 494 |
|
to enable this is quite minimal given the centralized error-trapping with |
| 495 |
|
mysql_tryquery() in the db_connect.php files. (Remember that administrative and |
| 496 |
|
public LibData utilize their own separate db_connect.php files.) |
| 497 |
|
|
| 498 |
============================================================================== |
============================================================================== |
| 499 |
4.0 TROUBLESHOOTING |
4.0 TROUBLESHOOTING |
| 536 |
|
|
| 537 |
|
|
| 538 |
|
|
| 539 |
November 21, 2003 |
March 16, 2004 |
| 540 |
Paul F. Bramscher |
Paul F. Bramscher |
| 541 |
brams006@umn.edu |
brams006@umn.edu |
| 542 |
University of Minnesota Libraries |
University of Minnesota Libraries |
Parent Directory
| 
Revision Log
| 
Patch