[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: automated software packaging and release scripts?

From: Ken Liu <ken.liu_at_gmail.com>
Date: 2007-12-14 17:09:51 CET

I you want a more elegant solution, you may want to look into Capistrano (
http://www.capify.org/). It can do a lot more than just ftp files - you can
do things like deploy a tagged version of your web site and roll it
back easily if there are problems.

It requires you to have ssh on your server though.

If you are really concerned about security, use SFTP, not FTP. (and ssh
instead of telnet, FWIW)

I personally would only turn to makefiles as a last ditch solution
(<shudder>).

Ken

On 12/6/07, Reuben Avery <reuben@swirl.net> wrote:
>
> Thanks for all the great tips, everyone!
>
> Now time to roll up my sleeves and get into remembering how the heck
> makefiles work.. :-)
>
>
> On 12/6/07 12:24 PM, "Reedick, Andrew" <jr9445@ATT.COM> wrote:
> > If you want anyone to be able to ftp:
> >
> > If you're on unix, look into using sudo. Lock down the passwords in a
> > file readable only by a privileged user. Sudo runs the ftp script as
> > the privileged user which can read the file. This way anyone can run
> > the ftp script without knowing the passwords.
> >
> > Windows may or may not have a sudo equivalent. Talk to your admin.
> > Worst case, you have a script called by a scheduled task that watches a
> > directory, ftp's any file it sees, and deletes the file. All scripts
> > and the scheduled task are readable only by a privileged user.
> >
> >
> > Side note: if the developers have write access to the makefile, ant,
> > ant tasks, and deploy scripts, then, from a security standpoint, it
> > probably doesn't matter if the password is stored in plaintext or not.
> > (They could Trojan the ant task and grab the password.) So if you're
> > locking down passwords, then you also need to run trusted copies of ant,
> > the ant tasks, the deploy scripts, etc. from a locked down directory.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Received on Fri Dec 14 17:10:25 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.