r6 - 29 Aug 2003 - 13:02:58 - PeterMasiarYou are here: TWiki >  Codev Web > TWikiForge
Tags:
, create new tag
I need to set up a small site like SourceForge. I've had a look at most of the SourceForge-in-a-can packages, and most are gross overkill for what I need.

What I need:

  • users can add themselves as cvs readers to any project
  • existing cvs writers can give other users write permissions
  • no shell access required
  • no mailing list required

This sounds like a 95% match to the TWiki access control methods.

What I plan to do is:

  • For CVS:
    • Create a chrooted CVS repository for each project.
    • Use SSH tunnelling to provide access to the cvs server.
    • Use an ssh2 DSA key to limit ssh access to only the cvs server.
  • For TWiki:
    • Put TWiki with BasicAuthentication? on an Apache server.
    • Use SSL to prevent password sniffing.
    • Create a new TWiki web for each project
    • Create TWiki groups for cvs readers and cvs writers for each project.
  • Write scripts to
    • extract users name and password from .htpasswd
    • extract cvs readers from a "ProjectCvsReadersGroup" page
    • extract cvs writers from a "ProjectCvsWritersGroup" page
    • update the cvs passwd, readers, writers files

Has anyone else done anything like this?

Can anyone see any major security holes in this plan?

-- AndrewDalgleish? - 22 Nov 2001

I just read a book that said that Basic Authentication will always send user id and password in plaintext.

They recommended setting up one's own CGI for handling login.

(Reference: Dusting, Rashka, McDiarmid: Quality Web Systems. Addison-Wesley.)

I'm not sure how seriously this advice should be taken, they also say that CGI is slow without even mentioning FastCGI or mod_perl, and while these methodes may still be slow compared to some others, they'd at least have deserved mention.

-- JoachimDurchholz - 23 Nov 2001

Given the forks of the SourceForge code there are many interesting and related ideas. Here are some ideas that I see evolving.

  • TWiki has been packaged for Debian GNU/Linux
  • The Debian fork of SourceForge is one of two strongest development areas outside of VA's efforts. The other one is GNU Savannah.
  • Subversion (the next CVS) is coming closer to completion
  • http://Coopx.eu.org has some design documents on platform independent hosting & moving hosted content

-- GrantBow - 18 Oct 2002

This sounds really interesting. I was researching also what can be used as some kind of the ContentForge? for the network on NGO Internet service providers I am working with. Anyone interested in the topics can add it's contact to ContentForge? or NgoTWikiSites.

-- ZeljkoBlace - 18 Oct 2002

Twiki-based portal for software development groups - seems like something I am looking for! Could be a killer application for Twiki (or any other wiki which will implement it first). So far I found:

-- PeterMasiar - 29 Aug 2003

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r6 < r5 < r4 < r3 < r2 | More topic actions
 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback SourceForge.net Logo