Meeting Log 03.05.2010 - 20:00 / mumble¶
Present: Apophis, dergringo, Vanadis, cockroach, Simon Rupf, Corvus, Exception
Lead meeting: Corvus
Log writer: dergringo
I = Information
D = Discussion
V = Vote
|Status Reports: Mail (Syncom, SpamAssassin), Web (Drupal 2.0, Forum NG, Wiki NG), E-Voting (PiVote), MemberDB/LDAP||x|
|Server Request by e-Voting||x||x|
|Project Hosting (camp2010)||x||x||(x)|
|Security for the connection Drupal to LDAP||x|
Every DI Sub Project gives a short overview about the things that were going on.
<li><p>Mail (Syncom, SpamAssassin) cockroach</p>
<p>Mail runs. Nothing happened regarding the projects.</p></li>
<li><p>Web (Drupal 2.0, Forum NG, Wiki NG) Apophis/dergringo</p>
<p>Migration was done, though some errors need to get fixed.</p></li>
<li><p>E-Voting (PiVote) Exception/SimonRupf/Apophis</p>
<p>The first test was successful. Some minor features are missing. Also there is a long time to wait when calculating the prime numbers.</p></li>
<p>MDB advances. Still some stuff missing.</p></li>
Server Request by e-Voting¶
The e-Voting project has requested a virtual machine for a first alpha test at http://forum.piratenpartei.ch/viewtopic.php?f=149&t=2074
<li><p>What are the requirements for the server?</p>
<p>Exception: An OS with mono.</p></li>
<li><p>Can we use lechuck for this first test?</p>
<p>For the tests LeChuck is sufficient. We need to monitor the resources usage.</p></li>
<li><p>Who is responsible for this project and eVoting at all?</p>
<p>Simon Rupf. He was kind of inactive the last weeks. But he still takes the e-Voting project.</p></li>
There was a request by Christian Loosli / Moira Bruelisauer to host the application form for the pirate camp this summer. (http://wiki.piratenpartei. ch/wiki/Piratencamp2010)
- How do we want to handle those pirate related projects?
- What's the hostname we want to use for this? Some suggestions: sub.piratenpartei.ch/camp2010 / projects.piratenpartei.ch/camp2010 / camp2010.piratenpartei.ch. (Request from the camp orga: camp.piratenpartei.ch)
- Who will administrate such subsites and who will review the code?
- Additionally the camp responsible requested an application for the subscription. The application would be a web from, which can be filled in and submitted by users without technical knowledge. The camp administrators should be able to get a list of subscriptions and to edit this list. In the worst case this could be done directly via SQL, a user friendly form would be nice though. Can this be done by AG DI?
Security for the connection Drupal to LDAP¶
Drupal needs the authority to edit data in the LDAP-database. The integration module comes with two approaches.
- The first one uses a configured user which is stored globally (plain password). This user needs to have wide access to LDAP. A hijacking of this user compromises most of the database (read access to almost everywhere and many fields writeable).
- The second one uses the users password which is stored in plain for the duration of the session. A hijack of one of this accounts gives authority depending on the ACL's in the worst case the account is an admin.
- There is also the possibility that drupal needs no password. This means that every access from the drupals IP have the access described in the first situation.
Which of this solutions should we use? Are there other methods not mentioned yet?