Annotation of bookie/www/setup.html, revision 1.13

1.12      will        1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
                      2: <html>
                      3: <head>
                      4:   <title></title>
                      5: </head>
                      6: <body>
                      7: Setup instructions for compiling and running Bookie: 
                      8: <p>If you're just browsing or don't need to edit files directly, you can
                      9: look at Bookie through the <a
                     10:  href="http://www.mozdev.org/source/browse/bookie/">web interface</a>. </p>
                     11: <p>If you want to contribute to Bookie or compile it, then you should grab
                     12: a CVS <a href="http://www.cvshome.com">client</a> and set up a workspace
                     13: for bookie.</p>
                     14: <p>You download bookie by doing this (you only need to login once, the password
1.9       will       15: is guest).  Please use the prune option when checking out and updating, since
1.12      will       16: the CVS tree has a lot of dead branches in it.</p>
1.13    ! will       17: <code> cvs -d :pserver:guest@mozdev.org:/cvs login<br></code>
        !            18: <code>cvs -d :pserver:guest@mozdev.org:/cvs co bookie<br></code>
1.12      will       19: <p>The java client is in <code>/clients/swing</code>.  There is an<a
                     20:  href="http://jakarta.apache.org/ant">ant</a> script that should compile everything.
                     21:  The client depends on Jena, Apache XML-RPC, Log4J and Xerces. All the libraries
                     22: should be available in lib.  The client's main class is<code>com.tersesystems.bookie.client.Client</code>.
                     23:  Downloading<a href="http://tersesystems.com/bookie/client.jar">client.jar</a>
                     24: will give you the classes, source code and javadoc to play with.</p>
                     25: <p>The java server is in <code>/server</code>.  Again, the<a
                     26:  href="http://jakarta.apache.org/ant">ant</a> script that should compile everything.
                     27:  The server currently depends on JTidy, Marquee XML-RPC,  Jisp, Servlet 2.2,
                     28: Log4J, and Xerces, which are all available in lib.  The server's main class
                     29: is <code>com.tersesystems.bookie.service.xmlrpc.BookieServlet</code>.</p>
                     30: <p>  The server will create four files on initialization in the current directory:
                     31:   </p>
                     32: <ul>
1.9       will       33:     <li>profile.db - a database of profile information.</li>
                     34:     <li>profile.idx - an index of profile.db</li>
                     35:     <li>bookmarks.db - a database of bookmarks information.</li>
                     36:     <li>bookmarks.idx - an index of bookmarks.db</li>
1.12      will       37:   
                     38: </ul>
                     39:   These databases contain all the information needed for the server to work.
                     40:  Deleting   these files will cause the server to start off fresh. 
                     41: <p>  The server does not attempt to limit multiple logins on the same account
1.9       will       42:   from different servers.  However, care should be taken with this feature,
1.12      will       43:   as there is no facility to distribute messages between clients that a  
                     44:  branch has been deleted.  </p>
                     45: <p>  Bookmarks are cached on the server, but since bookmarks are unique to
                     46:   each client this isn't that much of a win.  Performance seems okay for
                     47: now    (and if anything seems bound on the XML    processing and IO overhead).
                     48:  Database operations are not transactional.</p>
                     49: <p>  The server uses an MD5 hashed password for authentication of the client.
1.10      will       50:   Once authenticated, the server maintains a session based off the IP address
1.12      will       51:   of the client.  All data is sent in the clear, and as such the passwords
                     52: and   XML-RPC information may be    <a
                     53:  href="http://www.robertgraham.com/pubs/sniffing-faq.html">packet sniffed</a>.
                     54:   Even if the attacker does not know   the clear-text password, he can still
                     55: send the MD5 hash to be authenticated as   the user.  Unfortunately, XML-RPC
                     56: does not cover    <a
                     57:  href="http://www.strongsec.com/tutorials/security.htm">security</a> and
                     58: session management   very well; if there are any new RFCs I would love to
                     59: hear about them.  One   possible RFC is <a
                     60:  href="http://jimfl.tensegrity.net">Jim Flanagan's</a>    <a
                     61:  href="http://jimfl.tensegrity.net/xmlrpc/">proposal</a>, but this requires
                     62:   the use of <a href="http://www.ietf.org/rfc/rfc2617.txt">HTTP digest  
1.13    ! will       63:  authentication</a>, which I believe most clients don't support.</p>
1.12      will       64: <br>
                     65: </body>
                     66: </html>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>