Setup instructions for compiling and running Bookie:
If you're just browsing or don't need to edit files directly, you can look
at Bookie through the <a
href="http://www.mozdev.org/source/browse/bookie/">web interface</a>.
If you want to contribute to Bookie or compile it, then you should grab a
CVS <a href="http://www.cvshome.com">client</a> and set up a workspace for Bookie.
You download Bookie by running the following commands (you only need to log in
once; the password is guest). Please use the prune option when checking out and
updating, since the CVS tree has a lot of dead branches in it.
cvs -d :pserver:firstname.lastname@example.org:/cvs login
cvs -d :pserver:email@example.com:/cvs co -P bookie
The Java client is in <code>/clients/swing</code>. There is an
<a href="http://jakarta.apache.org/ant">ant</a> script that should compile
everything. The client depends on Jena, Apache XML-RPC, Log4J and Xerces.
All the libraries should be available in lib. The client's main class is
The Java server is in <code>/server</code>. Again, there is an
<a href="http://jakarta.apache.org/ant">ant</a> script that should compile
everything. The server currently depends on JTidy, Marquee XML-RPC,
Jisp, Servlet 2.2, Log4J, and Xerces, which are all available in lib. The
server's main class is <code>com.tersesystems.bookie.service.xmlrpc.BookieServlet</code>.
The server will create four files on initialization in the current directory:
<li>profile.db - a database of profile information.</li>
<li>profile.idx - an index of profile.db</li>
<li>bookmarks.db - a database of bookmark information.</li>
<li>bookmarks.idx - an index of bookmarks.db</li>
These databases contain all the information needed for the server to work. Deleting
these files will cause the server to start off fresh.
The server also starts up with a large amount of debugging information. You can
override the default configuration by specifying the log4j configuration file on
the command line with <code>-Dlog4j.configuration=minimal.txt</code> where the
file <code>minimal.txt</code> contains the following:
# Set root logger level to INFO and its only appender to A1.
log4j.rootLogger=INFO, A1

# A1 is set to be a ConsoleAppender.
log4j.appender.A1=org.apache.log4j.ConsoleAppender

# A1 uses PatternLayout.
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
The server does not attempt to limit multiple logins on the same account
from different servers. However, care should be taken with this feature,
as there is no facility to distribute messages between clients that a
branch has been deleted.
No caching or pre-loading of bookmarks is performed on the server, but
performance seems okay for now (if anything, it seems bound by the XML
processing and IO overhead). Database operations are not transactional.
The server uses an MD5 hashed password for authentication of the client.
Once authenticated, the server maintains a session based on the IP address
of the client. All data is sent in the clear, and as such the passwords and
XML-RPC information may be
<a href="http://www.robertgraham.com/pubs/sniffing-faq.html">packet sniffed</a>.
Even if the attacker does not know
the clear-text password, he can still send the MD5 hash to be authenticated as
the user. Unfortunately, XML-RPC does not cover
<a href="http://www.strongsec.com/tutorials/security.htm">security</a> and session management
very well; if there are any new RFCs I would love to hear about them. One
possible RFC is <a href="http://jimfl.tensegrity.net">Jim Flanagan's</a>
<a href="http://jimfl.tensegrity.net/xmlrpc/">proposal</a>, but this requires
the use of <a href="http://www.ietf.org/rfc/rfc2617.txt">HTTP digest
authentication</a>, which I believe most clients don't
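
The replay problem described above, as an added example that is not part of the original page or the Bookie code base: a static MD5 hash sent over the wire is password-equivalent, while a one-time server nonce makes a captured response useless. The class names, user and password are constructed, and HMAC-SHA256 stands in here for the MD5 construction of RFC 2617 digest authentication.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

class StaticHashServer:
    """Scheme described above: the client sends MD5(password) on every login."""
    def __init__(self, users):
        self.stored = {u: md5_hex(p) for u, p in users.items()}

    def login(self, user, sent_hash):
        return hmac.compare_digest(self.stored.get(user, ""), sent_hash)

class ChallengeServer:
    """Hypothetical alternative: one-time nonce, response = HMAC(password, nonce)."""
    def __init__(self, users):
        self.keys = {u: p.encode() for u, p in users.items()}
        self.pending = {}

    def challenge(self, user):
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def login(self, user, response):
        nonce = self.pending.pop(user, None)  # each nonce is accepted once
        if nonce is None or user not in self.keys:
            return False
        return hmac.compare_digest(client_response(self.keys[user], nonce), response)

def client_response(key, nonce):
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo():
    users = {"alice": "correct horse"}  # constructed account
    static = StaticHashServer(users)
    sniffed_hash = md5_hex("correct horse")  # what a passive listener records
    static_replay = static.login("alice", sniffed_hash)  # no password needed

    server = ChallengeServer(users)
    nonce = server.challenge("alice")
    sniffed_response = client_response(b"correct horse", nonce)
    genuine = server.login("alice", sniffed_response)
    server.challenge("alice")  # a later login attempt gets a fresh nonce
    nonce_replay = server.login("alice", sniffed_response)
    return static_replay, genuine, nonce_replay

if __name__ == "__main__":
    print(demo())
```

A nonce only stops replay of the login exchange; the bookmark data itself still travels in the clear unless the transport is encrypted.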