Ticket #369 (new enhancement)

Opened 5 years ago

Last modified 4 years ago

DAR management GUI

Reported by: claris Owned by: claris
Priority: minor Milestone:
Component: External: Actor Registry Version: baseline
Keywords: Cc: ibaldin, vjo, wardag31

Description

Add rescan capability so that actors show up on the interface as they are registered to the couchdb instance. At the moment it requires "Reloading" and clicking "Edit" again.

Change History

  Changed 5 years ago by ibaldin

  • component changed from Don't Know to External: Actor Registry

... and/or add http refresh

  Changed 5 years ago by ibaldin

Another problem with the management GUI is this PHP file (GetActorsData.php):

(login and password replace real login and password in the db)

<?php
$actorsCmd = './getActors.sh ' . $_POST['server'] . ' login password actor';
$actors = shell_exec($actorsCmd);
echo $actors;
?>

This is dangerous, because login and password are visible in the process list to anyone who can do ps on control.exogeni.net. Instead of passing login and password as command-line parameters, the bash script should take them as environment variables that can then be set by the PHP script invoking it.
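
The change suggested in the comment above, sketched as an added example (it is not part of the ticket or the project's code). It assumes getActors.sh is executable, has a bash shebang line, and has been changed to read its credentials from the environment. The variable names DAR_LOGIN and DAR_PASSWORD, the function run_get_actors() and the credentials file path are hypothetical.

```php
<?php
// Added example, not the ticket's code. DAR_LOGIN, DAR_PASSWORD, run_get_actors()
// and /etc/dar/credentials.ini are hypothetical names chosen for illustration.
function run_get_actors(string $server, string $login, string $password): string
{
    // The server name comes from the request, so accept only host[:port].
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}(:[0-9]{1,5})?\z/', $server)) {
        throw new InvalidArgumentException('invalid server name');
    }
    // Array form (PHP >= 7.4) executes the script directly, with no "sh -c"
    // in between. The credentials are no longer part of argv.
    $cmd = [__DIR__ . '/getActors.sh', $server, 'actor'];
    // Passing $env replaces the child's environment: the script sees only
    // these variables and nothing inherited from the web server or request.
    $env = [
        'PATH'         => '/usr/bin:/bin',
        'DAR_LOGIN'    => $login,
        'DAR_PASSWORD' => $password,
    ];
    $spec = [
        1 => ['pipe', 'w'],               // capture stdout
        2 => ['file', '/dev/null', 'a'],  // discard stderr so it cannot block
    ];
    $proc = proc_open($cmd, $spec, $pipes, __DIR__, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start getActors.sh');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('getActors.sh exited with an error');
    }
    return $out;
}

// Credentials live in a file outside the web root, readable only by the
// web server account (hypothetical path and key names).
$cred = parse_ini_file('/etc/dar/credentials.ini', false, INI_SCANNER_RAW);
if ($cred === false || !isset($cred['login'], $cred['password'])) {
    http_response_code(500);
    exit;
}
try {
    echo run_get_actors((string)($_POST['server'] ?? ''), $cred['login'], $cred['password']);
} catch (Throwable $e) {
    http_response_code(500);
}
```

On Linux the environment of a running process can still be read through /proc/<pid>/environ by the same account and by root, so this hides the credentials from other users' ps output but not from the web server account itself.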

  Changed 5 years ago by ibaldin

This bash-related CVE is of interest here: need to find a way to protect the execution of this script

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

  Changed 5 years ago by ibaldin

  • cc vjo added

follow-up: ↓ 6   Changed 5 years ago by ibaldin

Other wishlist

  1. Search for actor names (and maybe guids) - return multiple matches
  2. In general the current approach of calling bash from PHP is probably not the best (or most secure). We should find someone with PHP expertise to write it natively (for security and performance reasons). I don't know who that might be - perhaps a student.

in reply to: ↑ 5   Changed 5 years ago by claris

Replying to ibaldin:

Other wishlist

1. Search for actor names (and maybe guids) - return multiple matches
2. In general the current approach of calling bash from PHP is probably not the best (or most secure). We should find someone with PHP expertise to write it natively (for security and performance reasons). I don't know who that might be - perhaps a student.

#2 has been addressed. PHP native calls only.

in reply to: ↑ description   Changed 5 years ago by claris

Rescan capability has been implemented.
Replying to claris:

Add rescan capability so that actors show up on the interface as they are registered to the couchdb instance. At the moment it requires "Reloading" and clicking "Edit" again.

  Changed 5 years ago by claris

Left to do:
1- Regex search
2- Password mgmt.
3- Read master/slave servers from file or environment variable.

  Changed 5 years ago by claris

Bug introduced in last update. Verification REST call not being invoked. Verify through the CouchDB Mgmt API in the meantime.

  Changed 4 years ago by claris

I have redesigned the DAR GUI. The latest code has been uploaded to control.exogeni.net. I currently have an issue with not being able to access index.html from the browser. I changed the permissions on the file without success. Still trying. However, the GUI has been tested already in a different location. Currently there seems to be a performance issue when fetching all the actors from the server. It is not clear to me where the bottleneck is -- certainly in the server, but I don't know if it is the proxy or the couchdb layer behind. This does not impact correctness though.

  Changed 4 years ago by claris

Actually, I am supposed to get prompted for my username and password (since Jonathan configured access to work with LDAP). I am not being asked for my username and password as I am supposed to be.

  Changed 4 years ago by claris

The only major thing left here is to work on the performance of the fetch function in parallel to #388.
The other feature requested was a regex search (thanks Ilya!). I am putting that feature at the end of the list for now.

  Changed 4 years ago by ibaldin

Is there new code for the GUI that's ready to be used?

  Changed 4 years ago by claris

No, I have not touched this code since I got back. I will get back to it late this week. I plan to look into the fetch performance. Anything else?

  Changed 4 years ago by ibaldin

Well, the important thing is that Victor and Adam can use it successfully.

  Changed 4 years ago by ibaldin

  • cc ibaldin, wardag31 added; ibaldin@…, anirban@… removed