time logged
by gluca980@libero.it
Hi,
I use smallWiki, I'd like knowing if I do the login and after I will close the page without do the logout, how much time the server still see me logged?
Do you know which instruction can I modify to change this time?
Cheers
Luca
____________________________________________________________
Libero Flat, sempre a 4 Mega a 19,95 euro al mese!
Abbonati subito su http://www.libero.it
17 years, 10 months
Re: [SW2] SW2CurrentContextHolder und liveCallback
by Lukas Renggli
On 24 Sep 2005, at 14:00, Philippe Marschall wrote:
> Du mir ist gerade etwas aufgefallen und zwar ist bei einem
> liveCallback SW2CurrentContextHolder value nil. Ist das ein
> bekanntes Problem?
Yeah, this is simply because the live-callback isn't evaluated within
the context chain where the dynamic variable is defined. As a
workaround you can just reference the context-holder from within the
live-block when defining the callback. That should be probably fixed
in Seaside or maybe SmallWiki 2, I don't recall where exactly this
variable is defined.
Cheers,
Lukas
PS: Please ask your questions to the mailing list, so that other
people can follow the discussion as well.
--
Lukas Renggli
http://www.lukas-renggli.ch
17 years, 11 months
XML smallwikiEnh
by Samir Saidani
Hi Thomas,
I'm working to add your XML enhancement to the SW1
repository. Unfortunately I destroyed the SmallWikiEnh, I didn't see
that you had contributed to this repository and thought that this
repository was of no use. Maybe I was wrong, it could be convenient in
fact to have a mainstream and besides separated enhancements to help
testing. Anyway could you send me this enhancement ?
By the way did you experiment some unstability from the newest SW1
version ? Because I discover that when I launch for the first time
this version under the name squeakFr.image, there is unstability, but
when I launch for the second time (after crash) the SW1
smallwikiSnaphot.image, it works quite well : maybe related to the
name of the image, don't know !
Regards,
Samir
17 years, 12 months
[SW2] Think about a new name
by Damien Cassou
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
as probably most of you already know, SmallWiki 2 is very powerfull and
much more than a wiki.
Here is a discussion between Lukas and me:
Lukas: the problem is basically that smallwiki is a very well known name
already
Lukas: the best name we found so far is "Seashell"
Lukas: or just "Shell"
Lukas: but you are right, it is not just a wiki anymore
Damien: Seashell => Seaside and SmallWiki is not Seaside dependent (it
should not in the future at least)
Damien: why Shell ?
Lukas: because a shell is like can contain cool stuff
Lukas: and it is like something that is around your stuff
Lukas: well... if you have better ideas, feel free to open a discussion
in the mailing-list ;-)
Damien: I will try to think about a name. Shell for me is "Bash" or
thing like this.
Lukas: another idea was "Harbour"
Lukas: but i don't like the sound of the word ;-)
Lukas: maybe we should just take something totally unrelated and
abstract, such as magritte
Damien: Harbour is a common name, you won't have the first results in google
Damien: we may construct an abstract name based on this ideas
We are open to ideas from everybody.
Here are some ideas:
Swinaw: SmallWiki is not a wiki
Sinawa: Smallwiki is not a wiki anymore
SmallHarbour
STGW: Small talk, great work
- --
Damien
,
/| __
/ | ,-~ /
Y :| // /
| jj /( .^
>-"~"-v"
/ Y
jo o |
( ~T~ j
>._-' _./
/ "~" |
Y _, |
/| ;-"~ _ l
/ l/ ,-"~ \
\//\/ .- \
Y / Y
l I !
]\ _\ /"\
(" ~----( ~ Y. )
~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDJ67Wyl2oT75/6woRApqqAJ92NVgCczXod9ibqxhIIGWP5lrj8gCfWzQK
935IXgVR8LaHExqDLdtClHc=
=5LIM
-----END PGP SIGNATURE-----
18 years
management session
by gluca980@libero.it
Hi,
I use smallwiki1, I'd like to find some information about the management session.
I read the document:
Management and Security of
Collaborative Web Environments
written from
Prof. Dr. St´ephane Ducasse
Prof. Dr. Oscar Nierstrasz
There I didn't find for example if I'm login where the server save the username and password, or if I close the window how long the server still see me logged?how long is the timeout?
Could someone tell me where can I find a document that talk about this or describe the management session, please.
I'll look forward to receive an answer...
thanks
Gianluca
18 years
Re: [SW2] Think about a new name
by Darius
How about an allusion to fractals & nesting.
"EndlessShores" (only one ref on Google) or
"EndlessCoasts" (only two refs on Google) or
"EndlessBeach" (lots of ref on Google :[ )
"Endless" sort of opposite to "Closures"
18 years
RE: [SW2] security model
by Ramon Leon
> Try this:
> http://www.iamexwi.unibe.ch/studenten/marschal/SW2-ACL.zip
>
> Sorry it took so long. 12 MB don't work well with SW1, my
> upload bandwidth sucks and I only have 75 MB of quota.
>
Excellent, exactly what I was looking for, thanks.
> We are aware that setting up a SW2 image right know is no as
> simple as it should be. Lukas is looking into ways to make
> this much simpler.
> Just remember that SW2 is still in development and not `a product'
> yet.
Very aware of that.
> Sorry about that, this is my fault. Bootstrapping was broken
> in the latest versions because of overrides (or more the way
> Squeak/Monticello don't handle them) and I noticed this
> today. Thanks for pointing this out to me.
Anytime.
> Put SW2 into production? Right now? Are you aware of the fact
> that SW2 is still in development, internal datastructures
> might change and the only persistence right now is `save
> image' (although putting a kernel into a reference stream
> should be simple)?
I was using the term production very loosely. I mean production for my
own little side projects and hobby projects, I just meant that to even
put SW2 up on my server at all, I'd need it to have security. I know
it's bleeding edge, not quite finished and occasionally buggy, I'm
perfectly fine with that because it's going in exactly the direction I
like and I enjoy watching it grow. It's helpful in understanding the
design decisions that are being made.
Ramon Leon
18 years
RE: [SW2] security model
by Ramon Leon
I'd like to suggest that you place a running sample image of this
running in Squeak3.8 on the
site(http://smallwiki.unibe.ch/advanceddesignlabs/admin/). I tried
loading this a few days ago and ran into problems and your setup
instructions were for 3.7, and make a few assumptions about some
knowledge all of us may not have acquired just yet, like recompiling
individual classes and why it's necessary.
Currently getting an error about the environment not being initialized
because the setup of the Smallwiki2 Kernel failed on content or contents
being nil, this is from memory so I can recall exactly. I ask for 3.8
because 3.9 is too new and I want to put something into production that
isn't shaky and I'd like to use Smallwiki2, I think stable enough for my
needs with the minor exception of missing a security system and a
search, but as a host container for my Seaside components I think it's
fantastic.
> -----Original Message-----
> From: owner-smallwiki(a)iam.unibe.ch
> [mailto:owner-smallwiki@iam.unibe.ch] On Behalf Of Philippe Marschall
> Sent: Monday, September 12, 2005 10:27 PM
> To: smallwiki(a)iam.unibe.ch
> Subject: [SW2] security model
>
> Hi
>
> We have been discussing the security model of SW2 lately and
> now we're stuck. So this is your chance to say what you need,
> come up with brilliant ideas or pull the emergency brake ;).
> We're open for anything, don't hesitate to ask questions or
> make suggestions.
>
> The stock SW2 does not have a security model. Maybe it will
> get one, maybe not, if it gets one it will likely be very
> simple. Something like locking of Swiki. But that does not
> mean there isn't a a security model for SW2, you can load it
> from the MC repository below. This model is the subject of
> this message.
>
> MCHttpRepository
> location: 'http://kilana.unibe.ch:8888/adl'
> user: ''
> password: ''
> (contact me if you want write permission)
>
> The Present
> The system is based on access control lists which allow you
> to define a set of access rules for a structure (page, file,
> component, ...). It is already working and only has some
> minor glitches (you don't have to confirm the password, stuff
> like that).
>
> A rule looks like this:
> <Principal> <Allow/Deny> <Action>
> Principal: is either a user or a group
> Allow/Deny: should be clear
> Action: is either a command or set of commands referred as
> `Command Set'
> which can be defined almost like a group.
>
> So sample rules might look like this:
> `students are not allowed to Edit'
> `everyone is allowed to View'
> `bob is allowed to Remove'
>
> The non-abstract commands currently in my image are
>
> generic commands for any structure
> SW2AddCommand (add anything, file, page, component, ...)
> SW2CopyCommand SW2MoveCommand SW2RemoveCommand SW2ViewCommand
>
> page related commands
> SW2InplaceEditCommand
> SW2EditPageCommand
>
> file related commands
> SW2EditFileCommand
>
> component related commands
> SW2SettingsComponentCommand
> SW2EditComponentCommand
>
> user management related commands
> SVAddUMChildCommand (stupid name, add a user/group/command
> set) SVEditUMChildCommand (stupid name as well, edit a
> user/group/command set)
>
> access control related commands
> SVCopyACLCommand
> SVViewACLCommand
> SVAddACLItemCommand
> SVEditACLItemCommand
> SVMoveACLItemCommand
> SVRemoveACLItemCommand
>
> always allowed
> SVLoginCommand
> SVRetryCommand
> SVLogoutCommand
> SVChangePasswordCommand (only change your own)
>
> special users:
> root, can do anything, not affected by any access rules
> guest, aka anonymous, the user who is not logged in
>
> special groups
> everyone, includes every user
> everyone but guest, any user who is logged in
>
> special command sets
> everything, includes all commands
>
> The user management is a special structure named Management
> which is attached to the root of the wiki like Environment
> (the meta wiki). A user, a group, everything is a structure
> embedded into the wiki.
>
> Root
> \+ whatever
> \+ Environment
> \+ Management
> \+ Users
> \+ User1
> \+ User2
> \+ Groups
> \+ Group1
> \+ Group2
> \+ Command Sets
> \+ Command Set 1
>
> Limitations
> Because we just control commands and the add command is
> generic we can not allow someone to add pages and deny adding
> of files to him at the same time for the same structure. Is
> this a problem for anyone?
> However we can allow someone to add users but deny adding of
> groups to him.
> We don't do any form of spam or flood protection/recognition.
> We have no concept of administrator or owner. Just root. You
> can create a group administrators and add a rule
> `administrators are allowed to do anything' to all structures
> (add it to root and check the box to add it to all children),
> but if someone has the right to edit, add or remove access
> rules he can disable this rule. That would require root to fix it.
>
> The Future
> Like you can redefine Environment for structures we are
> looking for a way to redefine Management too in order to
> allow locally administrated subwikis (like Zope). We have not
> started with this because we are still struggling with the
> semantics (the actual reason for this mail).
>
> The problems we have encountered so far are:
> - Do we have a local root user a subwiki? How do we name it
> and how do we name it in a subsubwiki?
> - Are user names globally unique? Can you redefine users in a subwiki?
> If yes what happens if a user enters a subwiki where he is redefined?
> What if we leaves? What if a redefined subwiki user enters a
> superwiki?
> - What happens if a subwiki user leaves his subwik (does he
> become guest)? What if there exists a user with the same name?
> - Who is allowed to add a new Management? This is an issue
> because the Add command is generic and the Management is just
> a regular structure so if you can add structures then you can
> add a Management too (we could actually modify (read hack)
> the description of the Add command to exclude Management and
> add a separated command for that). If a also have a local
> root and initialize it's password with a default value (or
> even ask the user) then you can get all the rights in this
> subwiki if you have the add command.
> - Do you see any case where you need this? (This is probably
> the most important question of them all)
>
> Another option we discussed lately was the possibility to
> just add users and groups in the wiki instead of adding a
> Management but this doesn't seem to make any difference or
> solve any problems.
>
> What currently makes the most sense to me is:
> Prevent adding of a Management with the Add command
> (#isValidForAddCommand or something like that) and make an
> own command for that. Which makes sense in the long term
> because certain kinds of structures can only have or be child
> of certain kinds of other structures.
> Make user names globally unique because this solves a lot a problems.
> If you leave your subwiki you become guest.
> However I'm still undecided on the subwikiroot.
>
> Cheers
> Philippe
>
>
18 years
RE: [SW2] security model
by Ramon Leon
Yes, as it's the current stable release.
> -----Original Message-----
> From: owner-smallwiki(a)iam.unibe.ch
> [mailto:owner-smallwiki@iam.unibe.ch] On Behalf Of Damien Cassou
> Sent: Tuesday, September 13, 2005 11:44 AM
> To: smallwiki(a)iam.unibe.ch
> Subject: Re: [SW2] security model
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > I ask for 3.8
> > because 3.9 is too new and I want to put something into production
> > that isn't shaky and I'd like to use Smallwiki2, I think
> stable enough
> > for my needs with the minor exception of missing a security
> system and
> > a search, but as a host container for my Seaside components I think
> > it's fantastic.
>
> If you need 3.8 maybe others would prefer 3.8 too. I'm
> currently maintaining a 3.9 ready-to-use image of smallwiki2.
> Do you want me to use 3.8 instead ?
>
> What is best ?
>
> - --
> Damien
> ,
> /| __
> / | ,-~ /
> Y :| // /
> | jj /( .^
> >-"~"-v"
> / Y
> jo o |
> ( ~T~ j
> >._-' _./
> / "~" |
> Y _, |
> /| ;-"~ _ l
> / l/ ,-"~ \
> \//\/ .- \
> Y / Y
> l I !
> ]\ _\ /"\
> (" ~----( ~ Y. )
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDJx3+yl2oT75/6woRAt14AJ9ZeY9ut5G05TgyFFnmAwPA3RcxHACfbekE
> mxSSI8vzBU4FMfL1qvKhCw0=
> =w7+4
> -----END PGP SIGNATURE-----
>
18 years
