[nycphp-talk] XML & XSLT problem

Edward Consult at CovenantEDesign.com
Mon Feb 28 20:42:30 EST 2005


I've been trying to transform some XML on the fly and for whatever reason I
keep getting XML errors... I don't find anything wrong with the xml files
though. I've tried both local and remote files too...still no luck

nat.xml
Warning: Sablotron error on line none: cannot open file
'/hsphere/local/home/skoilnog/edwardprevost.info/PHPStuff/html_style.xsl' in
http://www.edwardprevost.info/PHPStuff/XMLMaker.inc on line 8
Unknown error building web page from XML & XSLT sources. The reason is that
cannot open file
'/hsphere/local/home/skoilnog/edwardprevost.info/PHPStuff/html_style.xsl'
and the error code is 4

The variable magically echoes out, but the xslt_process() never runs the
container. Weird.
Anyway here are the files I've been using. Any help would be much
appreciated as xsl and xslt is relatively new to me.
www.EdwardPrevost.info/testing.php
www.EdwardPRevost.info/PHPStuff/

Thanks in advance guys!


Edward JS Prevost II
Me at EdwardPrevost.info
www.EdwardPrevost.info
----- Original Message ----- 
From: "Hans Zaunere" <lists at zaunere.com>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Sunday, February 27, 2005 10:43 PM
Subject: RE: [nycphp-talk] Safely running root commands



> > I've thought of three ways to do it: 1) have the sysadmin create a sudo
> > user that can run the given commands with no password, 2) create a
> > sudo user and store his name and password outside of the document root,
> > or 3) write some C wrappers and set them suid. I'm not crazy about any
> > of these solutions.
>
> When faced with these options, I would choose #1.

The simplest and most straightforward would probably be number 1 or 2 - but
then don't forget that sudo is basically like giving them root for that
command.  If that command can modify, the sudo can too.

3) is probably the safest if written well, but then there lies the trick :)
For complex root operations, like filesystem stuff, I hand commands off to a
very simple and carefully written daemon that runs as root.  The daemon only
accepts very specific commands and responds accordingly.  This is actually
similar to option 3, except that the apache process is "further" away from
the infamous UID 0 in many ways.

> > Anybody else have a better idea?
>
> Well back in the old days I would copy the binaries required (when
> possible) to a separate path for the httpd/apache user, but I was
> always very careful to restrict what the apache user could do.
>
> Your OS on the server may also provide some extra protection (chroot
> jails etc.). I'm definitely interested to see what everyone else would
> do in this situation.

Since the scope of root operations needed in this case seems limited, I'd
avoid root altogether.  How about a cronjob that dumps the info you need
to a database, or even a file?  Or a queue system, where jobs are queued by
apache, and a cronjob wakes up every so often to fill the queue with a
response?  There might be some delay, but depending on the load you expect,
it might be insignificant.


---
Hans Zaunere
President, Founder

New York PHP
http://www.nyphp.org

AMP Technology
Supporting Apache, MySQL and PHP
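
The command-restricting daemon and the apache-fed queue described in the message above, sketched as an added example that is not part of the original thread or any poster's code. The action names, binary paths and the JSON request format are assumptions made for illustration.

```python
import json
import re

# Assumed allowlist (illustrative): action -> (fixed argv prefix, argument validators).
ALLOWED = {
    "disk_usage": (["/usr/bin/du", "-sk", "--"],
                   [re.compile(r"/var/www/[a-z0-9_-]{1,32}")]),
    "reload_web": (["/usr/sbin/apachectl", "graceful"], []),
}

class Rejected(Exception):
    """Raised for any request that is not exactly an allowlisted form."""

def build_argv(raw_request: str) -> list:
    """Turn one queued JSON request into an argv list, or raise Rejected."""
    try:
        req = json.loads(raw_request)
    except ValueError:
        raise Rejected("not JSON") from None
    if not isinstance(req, dict) or set(req) != {"action", "args"}:
        raise Rejected("unexpected fields")
    action, args = req["action"], req["args"]
    if not isinstance(action, str) or action not in ALLOWED:
        raise Rejected("unknown action")
    prefix, validators = ALLOWED[action]
    if not isinstance(args, list) or len(args) != len(validators):
        raise Rejected("wrong argument count")
    for arg, pattern in zip(args, validators):
        # fullmatch: the whole argument must fit the pattern, not just a prefix.
        if not isinstance(arg, str) or not pattern.fullmatch(arg):
            raise Rejected("bad argument")
    return prefix + args

def process_queue(lines):
    """Validate each queued line; return (accepted argv lists, rejected count)."""
    # A real worker would pass each argv to subprocess.run(argv, shell=False).
    accepted, rejected = [], 0
    for line in lines:
        try:
            accepted.append(build_argv(line))
        except Rejected:
            rejected += 1
    return accepted, rejected

# Constructed sample queue: two valid jobs, two that must be refused.
SAMPLE_QUEUE = [
    '{"action": "disk_usage", "args": ["/var/www/site1"]}',
    '{"action": "reload_web", "args": []}',
    '{"action": "disk_usage", "args": ["/var/www/site1; id"]}',
    '{"action": "shell", "args": ["ls"]}',
]
```

The web process only ever writes request lines; the privileged side decides the binary and its fixed options, so nothing the web user supplies reaches a shell.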

