Annotation of bookie/www/setup.html, revision 1.10

1.9       will        1: Setup instructions for compiling and running Bookie:
1.1       will        2: 
1.2       will        3: <p>
1.1       will        4: If you're just browsing or don't need to edit files directly, you can look
                      5: at Bookie through the <a
                      6: href="http://www.mozdev.org/source/browse/bookie/">web interface</a>.
1.8       will        7: 
1.9       will        8: <p>
                      9: If you want to contribute to Bookie or compile it, then you should grab a
1.4       will       10: CVS <a href="http://www.cvshome.com">client</a> and set up a workspace for bookie.
1.9       will       11: </p>
1.3       will       12: 
1.9       will       13: <p>
                     14: You download bookie by doing this (you only need to login once, the password
                     15: is guest).  Please use the prune option when checking out and updating, since
                     16: the CVS tree has a lot of dead branches in it.
                     17: </p>
1.1       will       18: 
1.2       will       19: <pre>
1.1       will       20:  cvs -d :pserver:guest@mozdev.org:/cvs login
1.9       will       21:  cvs -d :pserver:guest@mozdev.org:/cvs co bookie -P
1.2       will       22: </pre>
1.1       will       23: 
1.9       will       24: <p>
                     25: The java client is in <code>/clients/swing</code>.  There is an
                     26: <a href="http://jakarta.apache.org/ant">ant</a> script that should compile
                     27: everything.  The client depends on Jena, Apache XML-RPC, Log4J and Xerces.
                     28: All the libraries should be available in lib.  The client's main class is
                     29: <code>com.tersesystems.bookie.client.Client</code>.
                     30: </p>
1.8       will       31: 
1.9       will       32: <p>
                     33: The java server is in <code>/server</code>.  Again, the
                     34: <a href="http://jakarta.apache.org/ant">ant</a> script that should compile
                     35: everything.  The server currently depends on JTidy, Marquee XML-RPC, 
                     36: Jisp, Servlet 2.2, Log4J, and Xerces, which are all available in lib.  The
                     37: server's main class is <code>com.tersesystems.bookie.service.xmlrpc.BookieServlet</code>.
                     38: </p>
1.4       will       39: 
1.9       will       40: <p>
                     41:   The server will create four files on initialization in the current directory:
                     42:   <ul>
                     43:     <li>profile.db - a database of profile information.</li>
                     44:     <li>profile.idx - an index of profile.db</li>
                     45:     <li>bookmarks.db - a database of bookmarks information.</li>
                     46:     <li>bookmarks.idx - an index of bookmarks.db</li>
                     47:   </ul>
                     48:   These databases contain all the information needed for the server to work.  Deleting
                     49:   these files will cause the server to start off fresh.  
                     50: </p>
1.7       will       51: 
1.9       will       52: <p>
                     53:   The server also starts up with a large amount of debugging information.  You can
                     54:   override the default configuration by specifying the log4j configuration file on
                     55:   the command line with <code>-Dlog4j.configuration=minimal.txt</code> where the 
                     56:   file <code>minimal.txt</code> contains the following:
                     57: </p>
1.1       will       58: 
1.9       will       59: <pre>
                     60:     # Set root logger level to INFO and its only appender to A1.
                     61:     log4j.rootLogger=INFO, A1
                     62:       
                     63:     # A1 is set to be a ConsoleAppender. 
                     64:     log4j.appender.A1=org.apache.log4j.ConsoleAppender
                     65:       
                     66:     # A1 uses PatternLayout.
                     67:     log4j.appender.A1.layout=org.apache.log4j.PatternLayout
                     68:     log4j.appender.A1.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
                     69: </pre>
1.1       will       70: 
1.9       will       71: <p>
                     72:   The server does not attempt to limit multiple logins on the same account
                     73:   from different servers.  However, care should be taken with this feature,
                     74:   as there is no facility to distribute messages between clients that a 
                     75:   branch has been deleted.  
                     76: </p>
1.1       will       77: 
1.5       will       78: <p>
1.9       will       79:   No caching or pre-loading of bookmarks is performed on the server, but
                     80:   performance seems okay for now (and if anything seems bound on the XML 
                     81:   processing and IO overhead).  Database operations are not transactional.
                     82: </p>
1.10    ! will       83: 
        !            84: <p>
        !            85:   The server uses an MD5 hashed password for authentication of the client.
        !            86:   Once authenticated, the server maintains a session based off the IP address
        !            87:   of the client.  All data is sent in the clear, and as such the passwords and
        !            88:   XML-RPC information may be 
        !            89:   <a href="http://www.robertgraham.com/pubs/sniffing-faq.html">packet sniffed</a>. 
        !            90:   Even if the attacker does not know
        !            91:   the clear-text password, he can still send the MD5 hash to be authenticated as
        !            92:   the user.  Unfortunately, XML-RPC does not cover 
        !            93:   <a href="http://www.strongsec.com/tutorials/security.htm">security</a> and session management
        !            94:   very well; if there are any new RFCs I would love to hear about them.  One
        !            95:   possible RFC is <a href="http://jimfl.tensegrity.net">Jim Flanagan's</a> 
        !            96:   <a href="http://jimfl.tensegrity.net/xmlrpc/">proposal</a>, but this requires
        !            97:   the use of <a href="http://www.ietf.org/rfc/rfc2617.txt">HTTP digest 
        !            98:   authentication</a>, which I believe most clients don't
        !            99:   support.
        !           100: </p>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>