Ticket #545 (new enhancement)
GetEnv() revisited AKA "Relocatable Wikka"
|Reported by:||JavaWoman||Owned by:||JavaWoman|
|Severity:||normal||Keywords:||security, "multiple installations", cookie|
Description (last modified by JavaWoman) (diff)
Since the start of Wikka (I think) the startup file wikka.php has supported an environment variable 'WAKKA_CONFIG' that allowed an admin to point to a configuration file in a different location that the default one (the installation directory).
This has two advantages:
- The configuration file can be moved outside the webroot (providing security when PHP isn't active: the file can not be viewed from a browser then)
- The configuration file could be shared between different Wikka installations
Unfortunately, GetEnv() itself has security issues, which we addressed in security release 126.96.36.199 by replacing the environment variable with an optional defined constant. However, this would require an admin to edit the wikka.php file.
Taking the original idea a step further though, it would be desirable to:
- Allow more files to be shared between installations
- Allow more files to be moved outside the webroot
- Provide an easy way for admins to override default paths, with any edits as localized as possible
The solution would be to take the idea as implemented in 188.8.131.52 a little further and provide a little external file that only needs to be edited for paths to allow an admin to override the default paths. In fact, development of 1.1.7 (currently trunk) has already made multiple overrides desirable since the default configuration is now also stored in an external file: obviously that path needs to be overridable as well.
This makes #470 (milestone 1.1.7) a subticket of this one; I'm giving this a 1.1.7. milestone as well. (Component is a little hazy but I'll assign it to architecture - please correct if you know a better one!)
See Relocating or Sharing a Wikka installation for more background and use cases.