Akelos Framework v1 forum archive. This forum is no longer maintained. To report bugs please visit https://github.com/akelos/akelos/issues
    • CommentAuthorribamar
    One of the things i most like in ruby on rails is that it's completely userland friendly. Given a database (which in most part of the cases depends on an administrator granting permissions) one can develop an entire application in userland and just care about priviliges when putting it into production. You know, a lot of companies and universities imposes strong restrictions on the programmers and those tools that may eliminate security issues are very likely to gain more success.

    Though I wanted to be wrong, the same doesn't seem to happen exactly with akelos -- I was setting an application in my $HOME/public_html via the akelos' web wizard and got the "File handling settings." failure. I understand and of course approve that the apache shouldn't touch my home, but ... what does go with the webrick that it can handle everything it needs transparently in user space and can't akelos (ok, via apache) do? Does Akelos really need an webbrick replacement to work in that way? Can't such filesystem touches be done in /tmp for example? After all, my real question is: is such a security issues source really worthy to Akelos?

    Maybe I should have disclaimed this before anything: I believe such a discussion may help akelos to move forward (or at least for me to understand better the design choices of akelos),and didn't start it to say that Akelos isn't a great software =)

    It all depends on the user who owns the web server process.

    On webrick the server process is owned by a regular user account.

    You could achieve the same is you started Apache/LightHTTPd as your own user using on a port above 1024