File:  [mozdev] / bookie / www / setup.html
Revision 1.12: download - view: text, annotated - select for diffs - revision graph
Sun Jul 14 09:36:35 2002 UTC (16 years, 10 months ago) by will
Branches: MAIN
CVS tags: HEAD
Add some more files in.

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Setup instructions for compiling and running Bookie: 
<p>If you're just browsing or don't need to edit files directly, you can
look at Bookie through the <a
 href="">web interface</a>. </p>
<p>If you want to contribute to Bookie or compile it, then you should grab
a CVS <a href="">client</a> and set up a workspace
for bookie.</p>
<p>You download bookie by doing this (you only need to login once, the password
is guest).  Please use the prune option when checking out and updating, since
the CVS tree has a lot of dead branches in it.</p>
<pre> cvs -d login<br> cvs -d co bookie -P<br></pre>
<p>The java client is in <code>/clients/swing</code>.  There is an<a
 href="">ant</a> script that should compile everything.
 The client depends on Jena, Apache XML-RPC, Log4J and Xerces. All the libraries
should be available in lib.  The client's main class is<code>com.tersesystems.bookie.client.Client</code>.
 Downloading<a href="">client.jar</a>
will give you the classes, source code and javadoc to play with.</p>
<p>The java server is in <code>/server</code>.  Again, the<a
 href="">ant</a> script that should compile everything.
 The server currently depends on JTidy, Marquee XML-RPC,  Jisp, Servlet 2.2,
Log4J, and Xerces, which are all available in lib.  The server's main class
is <code>com.tersesystems.bookie.service.xmlrpc.BookieServlet</code>.</p>
<p>  The server will create four files on initialization in the current directory:
    <li>profile.db - a database of profile information.</li>
    <li>profile.idx - an index of profile.db</li>
    <li>bookmarks.db - a database of bookmarks information.</li>
    <li>bookmarks.idx - an index of bookmarks.db</li>
  These databases contain all the information needed for the server to work.
 Deleting   these files will cause the server to start off fresh. 
<p>  The server does not attempt to limit multiple logins on the same account
  from different servers.  However, care should be taken with this feature,
  as there is no facility to distribute messages between clients that a  
 branch has been deleted.  </p>
<p>  Bookmarks are cached on the server, but since bookmarks are unique to
  each client this isn't that much of a win.  Performance seems okay for
now    (and if anything seems bound on the XML    processing and IO overhead).
 Database operations are not transactional.</p>
<p>  The server uses an MD5 hashed password for authentication of the client.
  Once authenticated, the server maintains a session based off the IP address
  of the client.  All data is sent in the clear, and as such the passwords
and   XML-RPC information may be    <a
 href="">packet sniffed</a>.
  Even if the attacker does not know   the clear-text password, he can still
send the MD5 hash to be authenticated as   the user.  Unfortunately, XML-RPC
does not cover    <a
 href="">security</a> and
session management   very well; if there are any new RFCs I would love to
hear about them.  One   possible RFC is <a
 href="">Jim Flanagan's</a>    <a
 href="">proposal</a>, but this requires
  the use of <a href="">HTTP digest  
 authentication</a>, which I believe most clients don't   support.</p>

FreeBSD-CVSweb <>