Annotation of bookie/www/setup.html, revision 1.10
1.9 will 1: Setup instructions for compiling and running Bookie:
1.1 will 2:
1.2 will 3: <p>
1.1 will 4: If you're just browsing or don't need to edit files directly, you can look
5: at Bookie through the <a
6: href="http://www.mozdev.org/source/browse/bookie/">web interface</a>.
1.8 will 7:
1.9 will 8: <p>
9: If you want to contribute to Bookie or compile it, then you should grab a
1.4 will 10: CVS <a href="http://www.cvshome.com">client</a> and set up a workspace for bookie.
1.9 will 11: </p>
1.3 will 12:
1.9 will 13: <p>
14: You download bookie by doing this (you only need to login once, the password
15: is guest). Please use the prune option when checking out and updating, since
16: the CVS tree has a lot of dead branches in it.
1.1 will 18:
1.2 will 19: <pre>
1.1 will 20: cvs -d :pserver:email@example.com:/cvs login
1.9 will 21: cvs -d :pserver:firstname.lastname@example.org:/cvs co bookie -P
1.2 will 22: </pre>
1.1 will 23:
1.9 will 24: <p>
25: The java client is in <code>/clients/swing</code>. There is an
26: <a href="http://jakarta.apache.org/ant">ant</a> script that should compile
27: everything. The client depends on Jena, Apache XML-RPC, Log4J and Xerces.
28: All the libraries should be available in lib. The client's main class is
1.8 will 31:
1.9 will 32: <p>
33: The java server is in <code>/server</code>. Again, the
34: <a href="http://jakarta.apache.org/ant">ant</a> script that should compile
35: everything. The server currently depends on JTidy, Marquee XML-RPC,
36: Jisp, Servlet 2.2, Log4J, and Xerces, which are all available in lib. The
37: server's main class is <code>com.tersesystems.bookie.service.xmlrpc.BookieServlet</code>.
1.4 will 39:
1.9 will 40: <p>
41: The server will create four files on initialization in the current directory:
43: <li>profile.db - a database of profile information.</li>
44: <li>profile.idx - an index of profile.db</li>
45: <li>bookmarks.db - a database of bookmarks information.</li>
46: <li>bookmarks.idx - an index of bookmarks.db</li>
48: These databases contain all the information needed for the server to work. Deleting
49: these files will cause the server to start off fresh.
1.7 will 51:
1.9 will 52: <p>
53: The server also starts up with a large amount of debugging information. You can
54: override the default configuration by specifying the log4j configuration file on
55: the command line with <code>-Dlog4j.configuration=minimal.txt</code> where the
56: file <code>minimal.txt</code> contains the following:
1.1 will 58:
1.9 will 59: <pre>
60: # Set root logger level to INFO and its only appender to A1.
61: log4j.rootLogger=INFO, A1
63: # A1 is set to be a ConsoleAppender.
66: # A1 uses PatternLayout.
68: log4j.appender.A1.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
1.1 will 70:
1.9 will 71: <p>
72: The server does not attempt to limit multiple logins on the same account
73: from different servers. However, care should be taken with this feature,
74: as there is no facility to distribute messages between clients that a
75: branch has been deleted.
1.1 will 77:
1.5 will 78: <p>
1.9 will 79: No caching or pre-loading of bookmarks is performed on the server, but
80: performance seems okay for now (and if anything seems bound on the XML
81: processing and IO overhead). Database operations are not transactional.
1.10 ! will 83:
! 84: <p>
! 85: The server uses an MD5 hashed password for authentication of the client.
! 86: Once authenticated, the server maintains a session based off the IP address
! 87: of the client. All data is sent in the clear, and as such the passwords and
! 88: XML-RPC information may be
! 89: <a href="http://www.robertgraham.com/pubs/sniffing-faq.html">packet sniffed</a>.
! 90: Even if the attacker does not know
! 91: the clear-text password, he can still send the MD5 hash to be authenticated as
! 92: the user. Unfortunately, XML-RPC does not cover
! 93: <a href="http://www.strongsec.com/tutorials/security.htm">security</a> and session management
! 94: very well; if there are any new RFCs I would love to hear about them. One
! 95: possible RFC is <a href="http://jimfl.tensegrity.net">Jim Flanagan's</a>
! 96: <a href="http://jimfl.tensegrity.net/xmlrpc/">proposal</a>, but this requires
! 97: the use of <a href="http://www.ietf.org/rfc/rfc2617.txt">HTTP digest
! 98: authentication</a>, which I believe most clients don't
! 99: support.
! 100: </p>