GroundApps / ShoppingList_Backend

Simple Centralized Shoppinglist - php backend
GNU General Public License v3.0

Security improvements. #12

Closed jklmnn closed 9 years ago

jklmnn commented 9 years ago

I have improved the security a bit. The password is no longer stored in plain text but as a bcrypt hash. I've added a function to the config file to make creating the hash easier for the user by entering `php config.php <password>`.
I have also added a .htaccess file that denies access to the directory index.
The most important change, besides the password storing, is the automatic access denying for the SQLite database. If not already added, the sqlite_connector will add the database file to the .htaccess file and deny access to it. EDIT: I have seen that you can use SQLite with encryption. It would make sense to encrypt the database with the auth key now, since it isn't stored in plain text anymore. The only problem I see here is that if you change the auth key, you might lose access to your database, and I don't have an easy way now to change the password.

J-8 commented 9 years ago

Perfect, thanks! I also added: `DirectoryIndex api.php`

I also added you to the repo. It seems like you know what you are doing. Thanks for your support. I am a bit overwhelmed by all the requests and things needing to be fixed :D

ghost commented 9 years ago

Guys, the problem here is you need direct access to SSH. But on a shared hoster you miss it. I will create an install.PHP that does that job by creating config.php.

J-8 commented 9 years ago

How I love it when others also think :) You are right. Maybe you can also add a way to automatically add the MySQL database?

ghost commented 9 years ago

Yeah, that's what I want to do.

J-8 commented 9 years ago

Thanks, I never finished what I tried to do. Because I am really bad at designing pages I just left it out. The good thing about an install.php is that it gives a starting point where maybe a QR code can be displayed to automatically configure the app. I have experimented with that and it works. Don't know if it is overkill or handy. Thanks again!

ghost commented 9 years ago

I am still working on INSTALL.php. I think I will finish it soon.

jklmnn commented 9 years ago

+1 for the QR code. I already thought about that too. The password security thing is obviously only useful if you use https, but that's not our sphere of influence. I have an idea for MySQL. I don't know if and how it handles encryption at all. But if you set up the database automatically, would it be safe to create a new user with the auth key as password? Because then the database password isn't stored in plain text anymore, too. Even changing the password might be easier than with SQLite. EDIT: @J-8 thanks for adding me to the repo!

J-8 commented 9 years ago

Awesome @beli3ver :)

I will add support for self-signed certificates, because http is just outdated. But you are right, everyone has the freedom of decision. The QR code can be perfectly displayed with the phpqrcode library for PHP. The use in Android is more than simple. About the password for MySQL: I have just basic knowledge of MySQL, encryption is possible but I don't know how that would work with the supplied value by PHP.

jklmnn commented 9 years ago

When you create the install.php, you might use the code I have used to check the htaccess for the SQLite database. If you create this entry on install, we don't need to check it every time we use the database.
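The two pieces this thread describes (the bcrypt hash created via `php config.php <password>` in the first comment, and the idempotent .htaccess check for the SQLite file that install.php could run once instead of on every database open, as the last comment suggests), written out as an added example that is not the ShoppingList_Backend project's own code. The database file name, the bcrypt cost, the `<Files>` block layout and the Apache 2.4 `Require all denied` syntax are assumptions.

```php
<?php
// Added example, not code from the ShoppingList_Backend repo.
// Assumed: database file name (placeholder), Apache 2.4 directive syntax.
const DB_FILE  = 'shoppinglist.sqlite';       // placeholder file name
const HTACCESS = __DIR__ . '/.htaccess';

// Create a bcrypt hash of the auth key. Only the hash goes into config.php;
// PASSWORD_BCRYPT generates a random per-hash salt, so no salt is stored separately.
function makeAuthHash(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);  // cost is an assumption
}

// Constant-time comparison of a supplied key against the stored hash.
function checkAuthKey(string $supplied, string $storedHash): bool {
    return password_verify($supplied, $storedHash);
}

// Make sure .htaccess denies web access to the database file.
// Idempotent: returns true if the rule was appended, false if it was already
// there, so install.php can call it once and sqlite_connector need not re-check.
function ensureDbDenied(string $htaccess = HTACCESS, string $dbFile = DB_FILE): bool {
    $existing = is_file($htaccess) ? file_get_contents($htaccess) : '';
    $marker   = '<Files "' . $dbFile . '">';
    if (strpos($existing, $marker) !== false) {
        return false;                          // rule already present
    }
    $rule   = $marker . "\n    Require all denied\n</Files>\n";
    // Keep the new block on its own line even if the file lacks a trailing newline.
    $prefix = ($existing === '' || substr($existing, -1) === "\n") ? '' : "\n";
    if (file_put_contents($htaccess, $prefix . $rule, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException("cannot write $htaccess");
    }
    return true;
}

// CLI use, mirroring "php config.php <password>": print the hash to paste into
// the config and ensure the database file is not web-readable.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    echo makeAuthHash($argv[1]), PHP_EOL;
    echo ensureDbDenied() ? "added .htaccess rule\n" : ".htaccess rule already present\n";
}
```

On Apache 2.2 the directive inside the `<Files>` block would be `Deny from all` instead of `Require all denied`.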