1 |
File: libdata_install.txt |
File: libdata_install.txt |
2 |
Title: LibData Installation |
Title: LibData Installation |
3 |
Author: Paul F. Bramscher brams006@umn.edu |
Author: Paul F. Bramscher brams006@umn.edu |
4 |
Date: November 21, 2003 |
Date: March 16, 2004 |
5 |
|
|
6 |
|
|
7 |
============================================================================== |
============================================================================== |
44 |
other in an SSL location (refer to installation steps |
other in an SSL location (refer to installation steps |
45 |
below). |
below). |
46 |
|
|
47 |
Database mySQL. Note that LibData was initially developed on a |
Database mySQL 3.x. Note that LibData was initially developed on a |
48 |
version of mySQL without support for transactions, and this |
version of mySQL without support for transactions, and this |
49 |
substantially affects the atomicity of the SQL code (lacking |
substantially affects the atomicity of the SQL code (lacking |
50 |
the rollback feature). Future versions of LibData will most |
the rollback feature). Other sites have reported successful |
51 |
likely be written with transactions in mind, and much more |
installation of LibData on mySQL versions 4.x, with minor |
52 |
optimized SQL. |
modifications to the Perl install script. Also note that |
53 |
|
the mySQL password() function may create different hashes |
54 |
|
between mySQL versions 3.x and 4.x, so migrating a fully |
55 |
|
populated production back-end of LibData from one version to |
56 |
|
another may require resetting (effectively rehashing) user |
57 |
|
passwords. LibData has not been developed for 4.x at this |
58 |
|
stage, so additional modification may be necessary. |
59 |
|
|
60 |
Programming Language Written exclusively in PHP. Coding is structured/function |
Programming Language Written exclusively in PHP. Coding is structured/function |
61 |
based for simplicity, using PHP object encapsulation only for |
based for simplicity, using PHP object encapsulation only for |
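Review bot: the added sentence about the mySQL password() function producing different hashes between 3.x and 4.x implies that LibData stores its application users' passwords as MySQL PASSWORD() hashes, but the paragraph never states this outright or names the table that holds them; say so explicitly, because an administrator migrating a populated back-end between versions otherwise cannot tell which credentials will stop validating or where to reset them. The phrase "minor modifications to the Perl install script" should also point forward to the install section, which is where the actual reason (extra columns in the mysql.user table) is given.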
144 |
(try /etc/httpd/conf.d/php.conf with a default Red Hat 9 install). |
(try /etc/httpd/conf.d/php.conf with a default Red Hat 9 install). |
145 |
(B) "register_globals = On" should be set in your php.ini file |
(B) "register_globals = On" should be set in your php.ini file |
146 |
(try /etc/php.ini with a default Red Hat 9 install). |
(try /etc/php.ini with a default Red Hat 9 install). |
147 |
|
|
148 |
|
|
149 |
|
*** Note that future versions of LibData may be written without this |
150 |
|
required setting, but that LibData's security mechanism is not |
151 |
|
compromised by setting this ON. The security technique involves storing |
152 |
|
a session ID in a client side cookie which must match a server stored |
153 |
|
session ID. Every page and every HTML form submission requires |
154 |
|
re-checking that the client and server session ID's match. Assuming |
155 |
|
they match, an access level is pulled from the server and applied only |
156 |
|
to the current page. This constant re-checking, and storing the actual |
157 |
|
access level on the server side, makes LibData among the more secure web |
158 |
|
mechanisms available. Also, unlike built-in PHP session capability, |
159 |
|
LibData sessions are tied to the IP address. So passing a hacked cookie |
160 |
|
or GET/POST method -- even with a valid session ID -- would fail unless |
161 |
|
it was done from the correct IP address. |
162 |
|
|
163 |
(C) Also in the php.ini file, make sure that "magic_quotes_gpc = Off". |
(C) Also in the php.ini file, make sure that "magic_quotes_gpc = Off". |
164 |
gpc stands for get/post/cookie, and turning quote escaping on will |
gpc stands for get/post/cookie, and turning quote escaping on will |
165 |
create problems for interaction at various layers between HTML, |
create problems for interaction at various layers between HTML, |
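Review bot: the new note asserts that "register_globals = On" does not compromise LibData's security mechanism, but the argument that follows covers only the session-ID and access-level check; register_globals also lets GET/POST/cookie parameters pre-populate any PHP variable the code reads before assigning it, so the claim should be narrowed to the session check, and the paragraph should state that the access level is always pulled from the server and never read from a request variable. The IP-binding sentence needs an operational caveat as well: the match is on the source address the server sees, so all users behind one proxy or NAT gateway present the same address, and a user whose address changes mid-session will be logged out.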
178 |
------------------------------------------- |
------------------------------------------- |
179 |
(1) Build the Public LibData html directory |
(1) Build the Public LibData html directory |
180 |
------------------------------------------- |
------------------------------------------- |
181 |
LibData comes as two tar.gz files. One is named libdata_pos10.tar.gz. This tar |
LibData comes as two tar.gz files. One is named libdata_pos.tar.gz. This tar |
182 |
contains all of the public HTML and PHP code. The "p" in this package refers to |
contains all of the public HTML and PHP code. The "p" in this package refers to |
183 |
the "public" side of LibData. Extracting the tar will produce a libdata_pos |
the "public" side of LibData. Extracting the tar will produce a libdata_pos |
184 |
directory which should be moved to a web-servable location on an Apache instance. |
directory which should be moved to a web-servable location on an Apache instance. |
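Review bot: renaming the archive from libdata_pos10.tar.gz to libdata_pos.tar.gz removes the only release identifier in these instructions; either keep a versioned file name or add the LibData version this document covers next to the title, so a reader can tell whether the mySQL 3.x-only notes elsewhere in the file still apply to the archive they downloaded.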
202 |
--------------------------------------------------- |
--------------------------------------------------- |
203 |
(2) Build the Administration LibData html directory |
(2) Build the Administration LibData html directory |
204 |
--------------------------------------------------- |
--------------------------------------------------- |
205 |
The administration/staff modules are contained in libdata_aos10.tar.gz. The "a" in |
The administration/staff modules are contained in libdata_aos.tar.gz. The "a" in |
206 |
this package refers to the "administrative" side of LibData. Extracting the tar will |
this package refers to the "administrative" side of LibData. Extracting the tar will |
207 |
produce a libdata_aos directory which should be moved to a web-servable location on |
produce a libdata_aos directory which should be moved to a web-servable location on |
208 |
an Apache instance as with the previous step -- but it is HIGHLY recommended that this |
an Apache instance as with the previous step -- but it is HIGHLY recommended that this |
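Review bot: the same rename applies to libdata_aos.tar.gz, and the sentence beginning "it is HIGHLY recommended that this" is the place to state the SSL requirement for the administrative half directly rather than only through the earlier cross-reference to the requirements section, since staff credentials and the access-level cookie both travel through this directory.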
244 |
clean install of the databases, a base data set, and mysql users. |
clean install of the databases, a base data set, and mysql users. |
245 |
****************************************************************************** |
****************************************************************************** |
246 |
|
|
247 |
Refer to the install directory in the libdata administrative directory. |
*** Also note that the install script works only with mySQL 3.x. mySQL 4.x has |
248 |
|
additional fields in the mysql.user table and so the install script may need |
249 |
|
minor tweaking. At any rate, mySQL user rights should be managed very carefully |
250 |
|
and this script is not meant to provide a definitive solution from a security |
251 |
|
standpoint. Essentially the mySQL user named "libdata" must have, at a minimum, |
252 |
|
select, insert, update, and delete capability for the libdata and libstats databases. |
253 |
|
The mySQL user "libsession" must have select, insert, update, and delete rights |
254 |
|
to the libsession database. Refer also to the next section (#5) in this document. |
255 |
|
|
256 |
|
To run the install script (mySQL 3.x) go to the install directory in the libdata |
257 |
|
administrative directory. |
258 |
|
|
259 |
Run the script named libload.pl, and follow the instructions given. The script |
Run the script named libload.pl, and follow the instructions given. The script |
260 |
must be run on the server hosting the mySQL daemon, and the mySQL root account is |
must be run on the server hosting the mySQL daemon, and the mySQL root account is |
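Review bot: the statement that mySQL 4.x "has additional fields in the mysql.user table and so the install script may need minor tweaking" indicates that libload.pl creates the libdata and libsession accounts by writing rows into mysql.user directly; expressing those steps as GRANT statements instead, using the minimum-privilege list this paragraph already spells out (select, insert, update, delete on libdata and libstats for "libdata", and on libsession for "libsession"), would remove the version dependency and keep the script from editing the privilege tables by hand. The privilege list here should also be reconciled with the later section, which describes SELECT and INSERT rights to the libstats database; each passage should say which account it refers to.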
482 |
and SELECT and INSERT rights to the libstats database. There are several |
and SELECT and INSERT rights to the libstats database. There are several |
483 |
strategies to fine-tune security, some of them are related uniquely to your |
strategies to fine-tune security, some of them are related uniquely to your |
484 |
institution and levels of paranoia. |
institution and levels of paranoia. |
485 |
|
(2) The LibData db_connect.php file, independently in both the administrative |
486 |
|
and public halves of LibData contains a function named xx_tryquery(). This |
487 |
|
is a light wrapper around the built-in xx_query() function. Note that there |
488 |
|
is a variable for debug mode ($db_debug). Setting this to 1 (true) will cause |
489 |
|
all SQL queries which fail to be output to the screen. This is not recommended |
490 |
|
for production or public side LibData. However, it can be used in conjunction |
491 |
|
with a mail() type function to the mail the failed query, mySQL error message, |
492 |
|
and date/time transparently to the system administrator. This functionality is |
493 |
|
not supplied (and requires a functioning SMTP gateway). However, the programming |
494 |
|
to enable this is quite minimal given the centralized error-trapping with |
495 |
|
xx_tryquery() in the db_connect.php files. (Remember that administrative and |
496 |
|
public LibData utilize their own separate db_connect.php files.) |
497 |
|
|
498 |
============================================================================== |
============================================================================== |
499 |
4.0 TROUBLESHOOTING |
4.0 TROUBLESHOOTING |
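Review bot: the description of $db_debug should give the value the db_connect.php files ship with and state that the public side must run with it at 0, since a failed query echoed to the browser exposes the SQL text and schema names to anonymous users; a single startup check that refuses to serve the public half while $db_debug is set would enforce the "not recommended for production" advice rather than leaving it to the reader. When suggesting the mail() variant, also note that the mailed failed query can carry the user-supplied values that triggered the failure, so the receiving mailbox should be treated as holding sensitive data.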
536 |
|
|
537 |
|
|
538 |
|
|
539 |
November 21, 2003 |
March 16, 2004 |
540 |
Paul F. Bramscher |
Paul F. Bramscher |
541 |
brams006@umn.edu |
brams006@umn.edu |
542 |
University of Minnesota Libraries |
University of Minnesota Libraries |