dot_lwrc - Editing the run control file for LibWeb
Edit this file, make it inaccessible from the web and chmod 600 it. This
file contains security-sensitive data for your site.
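A check for the two requirements above, as an added example (not part of LibWeb or of the original page): the file mode must be exactly 0600 and the resolved path must not fall under the document root. The file name dot_lwrc and the htdocs/private directories are constructed, and only the document-root case of web accessibility is covered.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Return a list of problems with where an rc file lives and who can read it.
sub audit_rc_file {
    my ($rc_path, $doc_root) = @_;
    my @st = stat($rc_path) or return ("cannot stat $rc_path: $!");
    my @problems;

    # Only the owner may read or write: exactly 0600.
    my $mode = $st[2] & 07777;
    push @problems, sprintf('mode is %04o, expected 0600', $mode)
        if $mode != 0600;

    # Resolve symlinks before comparing, so a link into the document
    # root cannot hide the real location.
    my $real_rc   = abs_path($rc_path);
    my $real_root = abs_path($doc_root);
    push @problems, "file is inside the document root $real_root"
        if index($real_rc, "$real_root/") == 0;

    return @problems;
}

# Constructed layout: one rc file in a bad place, one in a good place.
my $base = tempdir(CLEANUP => 1);
mkdir "$base/$_" or die "mkdir: $!" for qw(htdocs private);
for my $spec (["$base/htdocs/dot_lwrc", 0644], ["$base/private/dot_lwrc", 0600]) {
    my ($path, $mode) = @$spec;
    open my $fh, '>', $path or die "open $path: $!";
    close $fh;
    chmod $mode, $path or die "chmod $path: $!";
}

for my $rc ("$base/htdocs/dot_lwrc", "$base/private/dot_lwrc") {
    my @problems = audit_rc_file($rc, "$base/htdocs");
    print "$rc: ", (@problems ? join('; ', @problems) : 'ok'), "\n";
}
```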
These variables are used for preparing (i.e. when a user logs in), checking
(i.e. session-wise) and nullifying (i.e. when a user logs out)
authentication cookies.
-
CLASSIC_EXPIRES
The default is 'Thu, 01-Jan-1970 00:00:01 GMT'. This is used to nullify the
authentication cookie when a user logs out. Any cookie set with this date
will be canceled from the client's browser immediately. Do not edit this
unless there is a compelling reason to do so.
-
RAND_RANGE
The range from which to generate a pseudo-random number. For example, if
the range is 999999999, the places in LibWeb that make use of a
pseudo-random number will use an integer that is randomly generated between
0 and 999999999. The purpose is to make different web sites with LibWeb
installed behave differently and less predictably in several aspects.
Currently only used for generating the dummy authentication cookie (as of
LibWeb-0.02). It is also used in the sample login script (lm.cgi) to make
things look complicated.
-
MAC_KEY
HMAC is used for message integrity checks between two parties (in the case
of LibWeb, the two parties are your web site and a client web browser), and
works in combination with some other digest algorithm, usually MD5 or
SHA-1. The HMAC mechanism is described in RFC 2104. MAC_KEY is the private
key. Further explanation is better left to the experts; see
http://www.w3.org/Security/Faq/wwwsf7.html#Q66
See also Digest::HMAC, which is used by LibWeb::Digest and LibWeb::Session
for preparing and checking authentication cookies. The proper size for this
key is not well documented.
-
CIPHER_KEY
You must provide an encryption/decryption key, which can be any series of
characters of any length. Internally, the actual key used is derived from
the MD5 hash of the key you provide. Read the man page for Crypt::CBC for
details. Blowfish is capable of strong encryption and can use key sizes up
to 56 bytes (a 448 bit key). You're encouraged to take advantage of the
full key size to ensure the strongest encryption possible from that module
(Crypt::Blowfish).
-
DIGEST_KEY
This key is appended to the data from which a digest is to be generated.
The purpose is to make different web sites with LibWeb installed behave
differently and less predictably in several aspects of the authentication
cookie.
-
CIPHER_ALGORITHM
The cipher algorithm must be 'Crypt::Blowfish', 'Crypt::DES' or
'Crypt::IDEA' as of LibWeb-0.01.
-
DIGEST_ALGORITHM
The digest algorithm must be either 'Digest::SHA1' or
'Digest::MD5' as of LibWeb-0.01.
-
CIPHER_FORMAT
It can be either 'BINARY' or 'HEX'. You should use 'HEX' for the
authentication cookie.
-
DIGEST_FORMAT
It can be 'HEX', 'BINARY' or 'B64'. You should use 'B64'
for the authentication cookie.
-
DEBUG
If you want stack traces to be printed to the viewing browser whenever
LibWeb's fatal method is called, assign 1 to it and 0 otherwise. Turn it on
while you are debugging your application and off otherwise.
-
FATAL_LOG (new in LibWeb-0.02)
Absolute path to a log file which records all of LibWeb's fatal calls.
Assign undef to this variable to disable logging. You may want to turn this
on if you have turned IS_MAIL_DEBUG_TO_ADMIN off.
-
IS_MAIL_DEBUG_TO_ADMIN
If you want stack traces to be sent to ADMIN_EMAIL whenever LibWeb's fatal
method is called, assign 1 to it and 0 otherwise.
You may want to turn that off while you are debugging your application.
-
SMTP (new in LibWeb-0.02)
If you have installed Mail::Sendmail (this is a mandatory prerequisite for
NT servers in order for LibWeb to work properly), LibWeb will first try to
use this module to send mail before using the primitive UNIX sendmail (see
MAIL_PROGRAM below). SMTP is an ARRAY reference to a list of SMTP servers,
so if your main server is down, LibWeb tries the next one. If one of your
servers uses a special port, add it to the server name with a colon in
front, to override the default port (like in smtp.your.server:2525).
Defaults are localhost. Leave this unedited and LibWeb will probably do the
right thing for you, especially if your server is UNIX-like.
-
MAIL_PROGRAM
For example, '/usr/sbin/sendmail -t -oi'. Leave this unedited if your server is NT.
-
ADMIN_EMAIL
E-mail address of your site's administrator.
-
IS_NOTIFY_ADMIN_WHEN_ADDED_NEW_USER
Do you want an e-mail to be sent to your site's administrator when a user
signs up as a member at your site? Put 1 for yes; 0 otherwise.
-
IS_ALLOW_MULTI_REGISTRATION
Can one use the same e-mail address to sign up as different users? Put 1
for yes; 0 otherwise.
-
MAX_LOGIN_ATTEMPT_ALLOWED
How many times do you allow an incorrect password to be entered for an
existing account? Note that after that maximum is reached (LibWeb basically
increments NUM_LOGIN_ATTEMPT in the database for that account), anyone will
be completely blocked from logging in using that particular account, even
if he/she enters the correct password. This number must be smaller than
LOGIN_INDICATOR. As of 0.01, you have to reset NUM_LOGIN_ATTEMPT to 0
manually in your database after you have received the alert e-mail sent by
LibWeb. Note that NUM_LOGIN_ATTEMPT is a column of the USER_LOG_TABLE table
in the database.
-
LOGIN_INDICATOR
NUM_LOGIN_ATTEMPT is set to this value when a user successfully logs into
her/his account. Note that when NUM_LOGIN_ATTEMPT is 0, it means that the
user is not logged in; if it is any number from 1 to
MAX_LOGIN_ATTEMPT_ALLOWED, it means that there have been unsuccessful
attempts; and if it is equal to LOGIN_INDICATOR, it means that the user has
successfully logged in.
-
LOGIN_DURATION_ALLOWED
There is an encrypted time-stamp on each authentication cookie sent to
browsers. Whenever a protected page is requested by an authenticated
browser, LibWeb will retrieve the cookie, decrypt the time-stamp and
compare it to the current time. If the time difference is bigger than
LOGIN_DURATION_ALLOWED (in seconds), LibWeb will automatically log the
user out by nullifying the authentication cookie on the remote browser.
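How a keyed MAC (MAC_KEY above) and the LOGIN_DURATION_ALLOWED comparison fit together, as an added example that is not LibWeb's code or its cookie format. The token layout uid|issued|mac, HMAC-SHA256 from the core Digest::SHA module (instead of Digest::HMAC with MD5 or SHA-1), the key and the 1800-second window are all assumptions, and the time-stamp is left unencrypted for brevity.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed stand-ins for MAC_KEY and LOGIN_DURATION_ALLOWED (constructed values).
my $MAC_KEY                = 'constructed-demo-key-do-not-reuse';
my $LOGIN_DURATION_ALLOWED = 1800;    # seconds

# Hypothetical token layout: "uid|issued|mac"; the MAC covers uid and issue time.
sub make_token {
    my ($uid, $issued) = @_;
    die "uid must not contain '|'\n" if $uid =~ /\|/;
    my $payload = "$uid|$issued";
    return "$payload|" . hmac_sha256_hex($payload, $MAC_KEY);
}

# Compare two strings without stopping at the first differing byte.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (uid, undef) when accepted and (undef, reason) when rejected.
# The MAC is verified before the time-stamp is trusted.
sub check_token {
    my ($token, $now) = @_;
    my ($uid, $issued, $mac) = split /\|/, $token, 3;
    return (undef, 'malformed') unless defined $mac && $issued =~ /\A\d+\z/;
    return (undef, 'bad mac')
        unless ct_equal($mac, hmac_sha256_hex("$uid|$issued", $MAC_KEY));
    return (undef, 'expired') if $now - $issued > $LOGIN_DURATION_ALLOWED;
    return ($uid, undef);
}

# Constructed inputs: a fresh token, the same token an hour later, a tampered uid.
my $t0    = 1_000_000_000;
my $token = make_token('alice', $t0);
(my $forged = $token) =~ s/\Aalice/admin/;
for my $case ([$token, $t0 + 60], [$token, $t0 + 3600], [$forged, $t0 + 60]) {
    my ($uid, $why) = check_token(@$case);
    print defined($uid) ? "accepted uid=$uid\n" : "rejected: $why\n";
}
```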
-
IS_DB_ENABLED (new in LibWeb-0.02)
If you do not use the database API of LibWeb, assign 0 to this variable to
prevent LibWeb from generating all sorts of database error messages. Assign
1 to it otherwise.
-
DB_SOURCE
For example, if your database is MySQL, you have installed DBI and the
specific driver and the database's name is puffy, then you can assign
'DBI:mysql:puffy' to this value. Read the man page for DBI for details.
-
DB_LOGIN
Login name for your database.
-
DB_PASS
Password for your database.
-
DB_OPTIONS
For example, you can assign {RaiseError => 1, AutoCommit => 1} to
this variable. Read the man page for DBI for details.
-
USER_PROFILE_TABLE
The table name for users' profiles. Default is 'USER_PROFILE'.
-
USER_PROFILE_TABLE_UID
The column name for user ID in the USER_PROFILE_TABLE. Default is
'UID'.
-
USER_PROFILE_TABLE_NAME
The column name for users' screen names in the USER_PROFILE_TABLE. Default is 'NAME'.
-
USER_PROFILE_TABLE_PASS
The column name for users' passwords in the USER_PROFILE_TABLE. Default is 'PASS'.
-
USER_PROFILE_TABLE_EMAIL
The column name for users' e-mail addresses in the
USER_PROFILE_TABLE. Default is 'EMAIL'.
-
USER_LOG_TABLE
The name of the table that is responsible for logging users' sign-in
time, status, IP and host name. Default is 'USER_LOG'.
-
USER_LOG_TABLE_UID
The column name for users' IDs in the USER_LOG_TABLE. Default is
'UID'.
-
USER_LOG_TABLE_IP
The column name for users' IPs in the USER_LOG_TABLE. Default is
'IP'.
-
USER_LOG_TABLE_HOST
The column name for users' host names in the USER_LOG_TABLE. Default is 'HOST'.
-
USER_LOG_TABLE_LAST_LOGIN
The column name for the last login date and time in the
USER_LOG_TABLE. Default is 'LAST_LOGIN'.
-
USER_LOG_TABLE_NUM_LOGIN_ATTEMPT
The column name for the number of login attempts in the
USER_LOG_TABLE. Default is 'NUM_LOGIN_ATTEMPT'.
-
SITE_1ST_COLOR
In RGB, for example '#0099CC' (light blue).
-
SITE_2ND_COLOR
In RGB, for example '#006699' (blue).
-
SITE_3RD_COLOR
In RGB, for example '#003366' (deep blue).
-
SITE_4TH_COLOR
In RGB, for example '#FF9900' (orange).
-
SITE_BG_COLOR
In RGB, for example '#FFFFFF' (white).
-
SITE_TXT_COLOR
In RGB, for example '#000000' (black).
-
SITE_LIQUID_COLOR1
In RGB, for example '#E6E6E6' (lighter grey).
-
SITE_LIQUID_COLOR2
In RGB, for example '#C9C9C9' (light grey).
-
SITE_LIQUID_COLOR3
In RGB, for example '#9C9C9C' (grey).
-
SITE_LIQUID_COLOR4
In RGB, for example '#6E6E6E' (dark grey).
-
SITE_LIQUID_COLOR5
In RGB, for example '#000000' (black).
Note: Liquid colors are used for shading. For example, even rows of any
table listing may be shaded. Some theme constructs use liquid colors as
well (e.g. LibWeb::Themes::Default::enlighted_titled_table()). Make sure
SITE_TXT_COLOR can be read clearly together with liquid colors (at least
for SITE_LIQUID_COLOR1, 2 and 3).
-
PIX_URL
The relative URL of image files. For example, '/img/' (note the trailing slash).
-
SITE_LOGO
The URL of your site's logo. For example, '/img/logo.png'. This is the
image that goes well with your SITE_BG_COLOR. This is necessary because
most browsers do not render png images with transparent background. You can
ignore this fact if you use gif or jpg.
-
DOC_ROOT
Do not edit unless there is a compelling reason to do so.
-
URL_ROOT
Do not edit unless there is a compelling reason to do so.
-
LIB_ROOT
Deprecated as of LibWeb-0.02.
-
COPYRIGHT
Deprecated as of LibWeb-0.02.
-
PRIVACY_POLICY
What is the relative URL of your site's privacy policy?
-
TOS
What is the relative URL of your site's Terms of Service?
-
CSS
What is the relative URL of your site's style sheet? A sample is included
with the distribution.
-
SITE_NAME
Your site's name.
-
SITE_DESCRIPTION
A short description for your site. This will appear in every HTML page.
-
SITE_KEYWORDS
Keywords for your site. This will appear in every HTML page.
-
SITE_YEAR
When was your site established?
-
LM_IN
Relative URL of your site's login script, e.g. '/cgi-bin/lm.cgi'. This is
the page to which LibWeb directs the Web browser when the browser attempts
to view a protected page without prior authentication.
-
LM_OUT
Relative URL of your site's logout script, e.g. '/cgi-bin/lm.cgi?.a=logout'.