[thelist] automatic code updates with PHP
Mike Migurski
mike at saturn5.com
Tue Nov 12 15:27:01 CST 2002
>> I think a good way is via rsync: if you rsync over an ssh connection then
>> no cleartext vulnerabilites are introduced, and you can manage updates to
>> their machines remotely.
>
>There is no way users will give the provider of some handy software an
>SSH connection to their servers. Maybe to clarify: these are not web dev
>clients, these are people who will download some software and install
>it. (think Moveabletype)
So use the CVS option.
Or have them give you a crippled shell account that only accesses the
code, and not the data.
Either way, if you want to be able to update code on your client's
machine, then your client will need to give you *some* access to their
servers, whether that comes in the form of a user account or simply the
trust that needs to be there when they type 'cvs up' and assume that you
haven't added something malicious to the code.
I gave two potential solutions - one gives your client control and choice,
the other give you control and choice. It sounds like you're really stuck
on this eval() idea, which is fine, but I can think of a million reasons
why it would be a pain to work with, especially given that rsync and cvs
*already do what you need to do*, and much more efficiently, too.
-mike.
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
http://www.saturn5.com/mike/contact.html
"Freedom! Horrible, horrible freedom!"
More information about the thelist
mailing list