[rt-devel] RT2 and mod_perl

Tobias Brox tobiasb at tobiasb.funcom.com
Thu Jun 15 07:08:36 EDT 2000


> But Duncan went on to say:
> 
> > > and that our request tracker database might then have to be
> > > accessible to the uid that the web server runs as.
> 
> Which Tobias did not answer. That's too important a question to duck that
> way.

Well ... yeah, it is - and it's a problematic issue.  The original idea
was to put the perl script setgid, and have the config.pm where the
database password is stored readable only for the rt group.  This breaks a
bit for mod_perl, and might add significant complexity to the
installation (some web servers and mail servers don't like
suid/sgid-scripts, some OSes don't provide it to scripts, etc). I don't
know what the best idea is, though Jesse mumbled something about a
client/server version.

I guess we should discuss the alternatives closer at RTCon.

My old idea about this problem, in general, is that the password from the
user should be used for gaining access to the database, and that ACL
complexity should be handed over to the DBMS.  Actually I even think it
might work for mysql, because mysql has a very fine-grained ACL system
(it's possible to set ACLs for single rows, isn't it?).

> I'm also quite surprised that you are doing development under 5.6.0. That
> doesn't sound like a good way to get something out that will run on the
> thousands (millions?) of sites running earlier versions for years to come.

I have installed 5.6.0, but officially we are to support 5.005.  And you
do have a point, I've already gotten complaints because I've
unknowingly written stuff that only worked for 5.6.0.

-- 
"The trouble with the world is that the stupid are
 cocksure and the intelligent are full of doubt."
- Bertrand Russell






