Question about web applications

Paulo Cavalcanti promac at gmail.com
Thu Jun 4 11:33:36 UTC 2009


On Thu, Jun 4, 2009 at 8:00 AM, David Nalley <david at gnsa.us> wrote:

> On Thu, Jun 4, 2009 at 6:23 AM, Paulo Cavalcanti <promac at gmail.com> wrote:
> > Hi,
> >
> > I submitted ampache (http://ampache.org/) for review, but I was told that it
> > could not use any external software bundled in the code. In fact, it uses
> > getid3, a file that seems to come from horde (horde/Browser.php),
> > and some others.
> >
> > According to Wikipedia (http://en.wikipedia.org/wiki/Ampache)
> >
> > "Ampache has been featured in numerous online blogs and technical articles.
> > One of the more notable was the O'Reilly book Spidering Hacks which tested
> > the security of online applications. Ampache was found to be immune to
> > standard spidering hacks as described in the O'Reilly article, and it has
> > continued that trend by focusing on security during its development. The
> > Code Philosophy listed on Ampache's wiki specifically lists security as one
> > of those most important considerations during application development."
> >
> > Does it make any sense to fiddle with something that has always had security
> > as a prime concern?
> >
> > Any comment is welcome.
> >
> > Thanks.
> >
> > --
> > Paulo Roma Cavalcanti
> > LCG - UFRJ
> >
> >
>
>
> Perhaps I am the least well suited to respond as I did some of the
> initial review.


No, on the contrary.


>
> However, there are at least 10 bundled libraries with ampache,
> including pear-XML_RPC, nusoap, getid3, small snippets from Horde,
> captchaphp, php-Snoopy, etc.
>
> In addition to the security benefits, creating the separate package
> means other packages (even other web apps) can make use of the
> libraries that would be available in Fedora instead of just ampache.
> I can empathize with the extra work that this causes, as I am trying
> to fix a few of these problems with another web app.
>
>
Maybe we can list all of the packages we would like to have for web
applications, and try to set up a "task force" to cope with them?

I think if we had three or four people willing to help, the work would be
concluded fast. There are always people looking forward to contributing,
but without a good package to work with.


-- 
Paulo Roma Cavalcanti
LCG - UFRJ