Security of website code editor?
dhoss
created: 2006-09-03 15:09:10

Hey gang,

I've been thinking about this for a few days. I find that I'll get an idea for code in my head, but not always be in a good spot (e.g. have the correct software to edit/upload new files to the webserver) to test it out. I've turned it over in my head, and I know many sites have some sort of online code editor that allows you to open up files and edit them, thus giving me a central location for code storage and editing when need be.

I know Google now has http://code.google.com that allows you to create a project, release versions, track bugs, check out code, etc. However, from what I can tell, it doesn't have any central editor that would allow me or anyone else in my situation to edit code from anywhere.

My REAL question is, what kind of security issues would this raise? I don't think I'd have any problem finding, or even writing, a simple file editing system on my own; however, I want to make sure that only privileged users can edit the code without raising huge security risks that could potentially mess up the whole project.

Obviously, backups would be made, file "drafts" could be imposed, and final revisions would not be published without an authorized go ahead (for this code editor, at least). Regardless, there are some large security issues anytime you allow files to be remotely edited.

Thoughts?

UPDATE: Am I being too paranoid? I know paranoia and programming make a good pair, but there's obviously a point where too much paranoia is just a waste of time and can even lead to bigger problems (i.e., being so engulfed in the little things one forgets to take a look at the big picture and, say, forgets to make that last check of the code to make sure use CGI::Carp qw[fatalsToBrowser]; is commented out)...

meh.
Re: Security of website code editor?
created: 2006-09-03 15:15:06
What's wrong with plain old "username & password" to secure access to your code?

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^2: Security of website code editor?
created: 2006-09-03 15:25:38
Most likely nothing, and I believe I even have an SSL option. However, we all know passwords can be cracked, and this being my first production site (http://www.timorperfectus.com), I don't really wanna mess anything up.
meh.
Re^3: Security of website code editor?
created: 2006-09-03 15:43:13
SSL is certainly a good option: otherwise your passwords travel the internet in plain sight of all to see.

You can add to the security by only allowing connections from trusted IP-sources; allow passwords only a limited lifetime; have different levels of access; ...

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^4: Security of website code editor?
created: 2006-09-03 15:49:36

Good ideas. I have a problem with trusted IPs though, because I can guarantee not all the privileged users are going to have static IPs (unless I'm missing something, in which case you don't have to have a static IP to be able to authorize via IP...). I know CGI::Session has an IP flag that checks for a change in IP during the session, which would definitely be nice.

And by limiting password life, would you suggest emailing the privileged user a newly generated password every... week or so? Something like that? Or something even more often or secure?

meh.
Re^5: Security of website code editor?
created: 2006-09-03 15:55:56
E-mailing the user his new password is probably the most insecure way of doing it, unless you encrypt the e-mail.

I was thinking of forcing the user to choose a new password every so often. Usually it is done right after logging in and before the user is allowed further access (otherwise, they tend to "forget" to change the password later).

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^6: Security of website code editor?
created: 2006-09-03 15:59:15

Ah I didn't even think of that.

So have them log in, then force them to choose a new password, and as an additional security precaution, maybe have them enter their current password along with their new one? (Much like when changing your password on here, I believe.)

meh.
Re^7: Security of website code editor?
created: 2006-09-03 16:12:24
Yes, something like that would be good.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
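
Putting the pieces of this sub-thread together (a password-protected session, CGI::Session's IP check, a forced password change that also asks for the current password, and saving only to a drafts area) in one minimal CGI handler. This is an added example, not code posted by anyone in the thread; the session and draft directories, the user table and the file allow-list are made up for illustration, and the hashing is plain Digest::SHA with a salt and iteration rather than any specific module the posters mention.

```perl
#!/usr/bin/perl
# Added example (not from the thread): a minimal CGI login/edit handler that
# combines the controls discussed above. Paths and the user table are made up.
use strict;
use warnings;
use CGI;
use CGI::Session qw(-ip_match);   # a session id presented from another IP is not honoured
use Digest::SHA qw(sha256_hex);
use File::Spec;

my $SESSION_DIR      = '/tmp/editor-sessions';   # hypothetical; must be writable by the web server
my $DRAFT_DIR        = '/var/www/drafts';        # hypothetical; drafts live outside the live site
my $MAX_PASSWORD_AGE = 7 * 24 * 3600;            # force a new password after a week
my $ITERATIONS       = 20_000;                   # stretching rounds for the password hash

# Salted, iterated SHA-256 so a leaked user table is not directly usable.
sub hash_password {
    my ($password, $salt) = @_;
    my $h = $salt . $password;
    $h = sha256_hex($salt . $h) for 1 .. $ITERATIONS;
    return $h;
}

# Compare two hex digests without leaking where they first differ.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Fresh salt from the kernel RNG (rand() is not suitable for this).
sub new_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read $fh, my $bytes, 16 or die "urandom: $!";
    return unpack 'H*', $bytes;
}

# Constructed user table; a real one would be loaded from a file outside the web root.
# pw_changed is deliberately eight days old so the forced change triggers on login.
my %users = ( dhoss => { salt => new_salt(), pw_changed => time() - 8 * 24 * 3600 } );
$users{dhoss}{hash} = hash_password('correct horse battery', $users{dhoss}{salt});

# Explicit allow-list of editable files: the browser never supplies a path.
my %editable = map { $_ => File::Spec->catfile($DRAFT_DIR, $_) } qw(index.pl lib/Site.pm);

my $q = CGI->new;
my $session = CGI::Session->new('driver:file', $q, { Directory => $SESSION_DIR })
    or die CGI::Session->errstr;
$session->expire('+30m');                        # idle sessions die on their own
print $session->header(-type => 'text/plain');   # sends the session cookie
my $action = $q->param('action') // '';

if ($action eq 'login') {
    my ($name, $pw) = ($q->param('user') // '', $q->param('password') // '');
    my $rec = $users{$name};
    # Hash even for unknown names so response time does not reveal which accounts exist.
    my $given = hash_password($pw, $rec ? $rec->{salt} : 'no-such-user');
    if ($rec && constant_time_eq($given, $rec->{hash})) {
        $session->param(user => $name);
        $session->param(must_change => time() - $rec->{pw_changed} > $MAX_PASSWORD_AGE ? 1 : 0);
        $session->flush;
        print "logged in\n";
    } else {
        print "login failed\n";
    }
    exit;
}

# With -ip_match, a cookie replayed from another address loads as an empty session,
# so the missing 'user' param sends the client back to the login step.
my $user = $session->param('user') or do { print "please log in\n"; exit };

if ($action eq 'change') {
    my $rec = $users{$user};
    my ($cur, $new, $again) = map { $q->param($_) // '' } qw(current new again);
    if (!constant_time_eq(hash_password($cur, $rec->{salt}), $rec->{hash})) {
        print "current password is wrong\n";    # the current password is required for a change
    } elsif ($new ne $again || length $new < 12 || $new eq $cur) {
        print "new password rejected\n";
    } else {
        $rec->{salt}       = new_salt();
        $rec->{hash}       = hash_password($new, $rec->{salt});
        $rec->{pw_changed} = time();
        $session->param(must_change => 0);
        $session->flush;
        print "password changed\n";
    }
    exit;
}

# An expired password blocks everything except the change step itself.
if ($session->param('must_change')) { print "password expired; change it before editing\n"; exit }

if ($action eq 'save') {
    my $name = $q->param('file') // '';
    my $path = $editable{$name} or do { print "not an editable file\n"; exit };
    my $body = $q->param('body') // '';
    open my $fh, '>', $path or die "cannot write $path: $!";
    print {$fh} $body;
    close $fh;
    print "draft of $name saved; publishing is a separate, authorised step\n";
}
```

The order of the checks is the point: the IP-bound session gate comes first, the forced password change sits between login and every other action so it cannot be skipped, and the save step only ever writes to an allow-listed draft file, leaving publication to the separate authorised go-ahead mentioned in the original post.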

Re^8: Security of website code editor?
created: 2006-09-03 16:20:52

Much appreciated :-)

Without searching, off the top of your head, do you know of any preexisting packages that take care of this for me? Or would it be simpler just to roll my own?

meh.
Re^9: Security of website code editor?
created: 2006-09-04 02:38:50
Not something pre-packaged that I know of. As always CGI is your friend here!

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re: Security of website code editor?
created: 2006-09-03 19:07:21

It doesn't have an editor because they provide a Subversion repository for you to store your code. You check out a copy (over SSL, authenticating with your password) to your local machine and make changes however you want. When you're ready to commit changes, they get pushed back to the SVN repository (again over SSL authenticating itself).

There's no editor because it's outside the scope of what they're providing. Not to mention editing code in a browser's going to be bletcherous and painful compared to what you can do outside of one (I mean even vim would look good . . . :).

Re^2: Security of website code editor?
created: 2006-09-03 19:33:09

I realize that, the whole point of me posting this is to be able to access and edit my code remotely WITHOUT having the appropriate software on the computer.

Bletcherous, disgusting, unworthy of being looked upon, yes, but I need something for when I'm away from a suitable computer.

meh.
Re^3: Security of website code editor?
created: 2006-09-04 02:43:57
In that case, you can perhaps have a look at the various forms of web-based Office style programs. A good summary of what is available can be found here.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^3: Security of website code editor?
created: 2006-09-04 11:48:36

That's what USB keyfob drives are for. Put a copy of your favourite development environment on it and you're set. Between that and a business card sized Linux CD of your favourite flavour you'll be good to go pretty much anywhere.

And you could set up an SSH Java applet somewhere for that small percentage of boxen you wouldn't be able to use that on.

Re^4: Security of website code editor?
created: 2006-09-04 16:54:14

I just got a USB drive the other day too! :-D Excellent... I can't believe I didn't think of that. Will Knoppix come on one of those business card sized CDs? Or better yet, go onto a USB drive so I can run it from there?

meh.

perlmonks.org content © perlmonks.org and CountZero, dhoss, Fletch
