diff options
Diffstat (limited to 'sql-ledger/doc/faq.html')
| -rw-r--r-- | sql-ledger/doc/faq.html | 747 |
1 files changed, 747 insertions, 0 deletions
diff --git a/sql-ledger/doc/faq.html b/sql-ledger/doc/faq.html new file mode 100644 index 000000000..0f6f237ca --- /dev/null +++ b/sql-ledger/doc/faq.html @@ -0,0 +1,747 @@ +<ul> +<p><li><h4>Sub-menus and Apache 2.0</h4> +Some versions of Apache 2.0 (2.0.44+) don't expand sub-menus and generate +a 500 error at various points. This stems from workaround developed for +earlier versions of Apache 2.0. It looks like this workaround must now be +disabled. If you get an error or the sub-menus don't expand edit +SL/Form.pm and comment lines 80-82. +<pre> + # for Apache 2 we escape strings twice +# if (($ENV{SERVER_SOFTWARE} =~ /Apache\/2/) && !$beenthere) { +# $str = $self->escape($str, 1); +# } +</pre> + + +<p><li><h4>About installation</h4> +The easiest is to use the setup.pl script as root. +You don't need to know very much about your system, just login as root, +run 'perl setup.pl' and follow the prompts. +<p>setup.pl does not check for missing software packages and it is your +responsibility to make sure you have the required pieces +installed either from source or from a package supplied with your distro. + +<p>Requirements are clearly indicated in the README file and on the +download page. + + +<p><li><h4>IDENT Authentication failed for user "postgres"</h4> + +This error has everything to do with the way the distros set up +access rights for postgres. They are way too restrictive and leave you +wondering what to do next. + +<p>Do yourself a favour and change authentication in pg_hba.conf to + +<pre> +local all trust</pre> + +<p>until you have figured what all this stuff in pg_hba.conf does. + +<p><b>NOBODY</b>, I repeat, <b>NOBODY</b>, from the Internet will be able to +connect to postgres. You can't even connect from the inside LAN, the only +one who is allowed to connect are clients originating from localhost. + +<p>Read a bit about the different authentication settings and change +them as you see fit. +It is all described in detail in pg_hba.conf + +<p>If you can't find the file, there is a wonderful utility called find. +Use it. +<pre> +# find /usr/local -type f -name 'pg_hba.conf' +</pre> + + +<p><li><h4>DBD-Pg for Mandrake 9.0</h4> +Mandrake did not package a compiled DBD-Pg package again, so install DBD-Pg +from the source package. +Install perl-DBD-Pg-1.01-4mdk.i586.rpm from the 'contrib' area. +(Mandrake / 9.0 / contrib / RPMS) + +<p><li><h4>LaTeX error</h4> +If for some reason LaTeX produces an error message check for strange +characters in your account description and parts description +and use \usepackage[latin1]{inputenc} in the preamble. + + +<p><li><h4>LaTeX templates</h4> +If you don't want to edit tex code by hand, +you could use Lyx, Abiword, or any WYSIWYG editor capable of exporting +latex code. +To do that you must change the tokens for parameters <% and %> to something +like << and >>. % is the comment character in tex. There is also a +pagebreak block which must be commented out. +When you are done with the changes +replace << and >> with <% and %> and uncomment the pagebreak block. + +<p>LaTeX is difficult but it also offers a much superior interface to produce +professionally looking forms in postscript and PDF format. +Unfortunately with power comes some pain too. + + +<p><li><h4>W3M</h4> +pass terminal=mozilla when you start w3m +<pre>$ w3m -F http://localhost/sql-ledger/login.pl?terminal=mozilla</pre> + +To use without frames +<pre>$ w3m http://localhost/sql-ledger/login.pl?terminal=lynx</pre> + +<p><li><h4>PDF option disappeared</h4> +Edit sql-ledger.conf and set $latex = 1; +<br>sql-ledger.conf is perl code, check if it compiles, if it does not +the internal defaults are used which set $latex to 0, hence no PDF option. + +<p><li><h4>SQL-Ledger on Mac Os X 10.1.5</h4> +Jaume Teixi put together +<a href=http://www.rocacorbit.com/techdocs/sql_ledger_os_x.html> +installation instructions</a> to run SL on a Mac. +<br>The instructions are for 1.8.5 however they still apply to any of the +newer versions. + +<p><li><h4>Installation on Windows (WIN32)</h4> +<ul> +<li>install Apache, perl, +<a href=http://techdocs.postgresql.org/guides/InstallingOnWindows>Postgres</a> +or Oracle, DBI and the appropriate DBD +module +<br>if you can't compile DBD-Pg here is a precompiled +<a href=http://www.edmund-mergl.de/export/>DBD-Pg module</a> +<li>download the latest version of <a href=/cgi-bin/nav.pl?page=source/index.html&title=Download>SQL-Ledger</a> +<li>extract the files to c:\apache\sql-ledger +<li>download +<a href=../source/sql-ledger-windows.tar.gz>sql-ledger-windows.tar.gz</a> +and extract the files to c:\apache\sql-ledger + <br>the shebang line is changed to c:\perl\bin\perl and the symlinks + are regular files +<br>answer with 'Yes' to overwrite existing files. +<li>edit c:\apache\conf\httpd.conf and add +<pre> +Alias /sql-ledger/ "C:/apache/sql-ledger/" +<Directory "c:/apache/sql-ledger"> + AllowOverride All + AddHandler cgi-script .pl + Options +ExecCGI + Order Allow,Deny + Allow from All +</Directory> + +<Directory "c:/apache/sql-ledger/users"> + Order Deny,Allow + Deny from All +</Directory> +</pre> + +<li>start Apache +<li>start Postgres|Oracle +<li>connect to http://localhost/sql-ledger/admin.pl and setup users +and datasets +<li>connect to http://localhost/sql-ledger/login.pl and login + +</ul> + +<p><li><h4>Installation on Windows /w cygwin</h4> +<ul> +<li>install <a href=http://sources.redhat.com/cygwin/>cygwin</a> +Apache, perl, postgres, gcc and lynx +<li>install <a href=http://search.cpan.org/search?module=DBI>DBI</a> +<li>tar zxvf DBI-1.30.tar.gz +<li>cd DBI-1.30 +<li>perl Makefile.PL +<li>make install +<li>install <a href=http://search.cpan.org/search?dist=DBD-Pg>DBD-Pg</a> +<li>tar -zxvf DBD-Pg-1.13.tar.gz +<li>export POSTGRES_INCLUDE=/usr/include/postgresql +<li>export POSTGRES_LIB=/usr/lib/postgresql +<li>cd DBD-Pg-1.13 +<li>perl Makefile.PL +<li>make install +<li>edit /etc/apache/httpd.conf and add +<pre> +AddHandler cgi-script .pl +Alias /sql-ledger/ /var/www/sql-ledger/ +<Directory /var/www/sql-ledger> + Options +ExecCGI +</Directory> + +<Directory /var/www/sql-ledger/users> + Order Deny,Allow + Deny from All +</Directory> +</pre> +<li>install SQL-Ledger +<li>cd /var/www +<li>mkdir sql-ledger +<li>download <a href=/cgi-bin/download.pl?setup.pl>setup.pl</a> and save the file +in /var/www/sql-ledger +<li>cd /var/www/sql-ledger +<li>perl setup.pl +</ul> + +<p><li><h4>What do I enter for the language</h4> +If you use English, nothing, if you want to use a foreign language for +the login screen and admin stuff enter the language code. All the +language specific files are in the locale directory. The long form for +the language is in the LANGUAGE file. + +<p><li><h4>Mandrake 9.0 permission denied error</h4> +Mandrake says to add this to your commonhttpd.conf +<pre> +<Directory /usr/local/sql-ledger> + AllowOverride All + Options -MultiViews -Indexes -FollowSymLinks + Order allow,deny + Allow from all +</Directory> + +The way apache starts is it: +Blocks all access to the physical file system / +Opens access to the physical file system /var/www/html +Opens access to the physical file system /var/www/perl +Opens access to the physical file system /var/www/cgi-bin +Opens access to the physical file system /var/www/protected-cgi-bin +Opens access to the physical file system /home/*/public_html +Opens access to the physical file system /home/*/public_html/cgi-bin +Opens access to the physical file system /var/www/icons +Opens access to the physical file system /usr/share/doc + +Since you're trying to access files outside of those allowed paths, you +have to specifically allow it. It's done this way because of some past +exploits with the pathnames. Rather than trust that there will never be +another bug within apache that will let you get somewhere you don't +want, you set it up securely out of the box so that apache won't let +itself go somewhere that you don't want it to. +</pre> + + +<p><li><h4>Incorrect Dataset version</h4> +The dataset you are trying to use is not compatible with the version. +When you upgrade datasets use the same database user in the "User" +field as the one listed in the Database section for the user. + + +<p><li><h4>Mandrake 8.2</h4> +Mandrake did not include the package "perl-DBD-Pg-1.01-1mdk.i586.rpm" +You can install the package from Mandrake 8.1 + + +<p><li><h4>printing to a printer</h4> +Setup a printer in the "Printer" field in the users preferences. +i.e lpr -Plaser +and set $latex = 1 in sql-ledger.conf +LaTeX must be installed for this to work. + +<p>To send the document to the printer check the "Postscript" or "PDF" format, +enter the number of copies and click on the "Print" button. + +<p>The printer field is available only when you edit the user's +preferences with admin.pl. + +<p>Note: html format is for screen preview. Use your browser's +print function. + + +<p><li><h4>beginning balances</h4> +Add a GL Journal entry and enter the beginning balance for your accounts. +Use your balance sheet. If you also want to add open invoices, add the invoices +and make the appropriate adjustments. Your balance sheet includes these +amounts! + + +<p><li><h4>cost for parts and service</h4> +the cost will be updated when you purchase goods and services. You can +enter the cost manually. This is so you can have a cost on file without +making a purchase. + + +<p><li><h4>establish a beginning inventory</h4> +add the parts with a purchase invoice. Use the <b>real cost</b> for the items +not zero. If you use zero cost then the cost of goods will be zero when you +sell the item. + + +<p><li><h4>Assemblies</h4> +Assemblies are manufactured goods assembled from parts, services and +assemblies. Because you do not buy assemblies you 'stock assemblies' by +adding assembled units to your inventory. The quantity for individual parts +is reduced and the quantity for the assembly increased. To disassemble an +assembly you simply return the parts to inventory by entering a negative +quantity for the number of assemblies to stock. + + +<p><li><h4>customizing SQL-Ledger</h4> +The <a href=/cgi-bin/nav.pl?page=feature/api.html&title=Application%20Interface>application interface</a> +consists of a global and private interface. + + +<p><li><h4>DBD-Pg not installed</h4> + +Most modern distributions now package DBD-Pg. If it is +not packaged follow this recipe to get it working. + +<ul> + <li>check if you have the header files for PostgreSQL + <br>$ find / -name 'libpq-fe.h' + <br>if nothing shows up install the development package for PostgreSQL + <li>download and untar DBD-Pg + <li>set the environment variables POSTGRES_LIB and POSTGRES_INCLUDE + <li>cd to DBD-Pg directory + <br>as ordinary user + <br>$ perl Makefile.PL + <br>$ make + <br>$ make test + <br>if all went well su to root + <br># make install + <li>remove DBD-Pg +</ul> + + +<p><li><h4>SuSE 8.1 installation</h4> +<ol> +<li>Install the following using YaST2: + +<p>- perl-DBD-Pg +<br>- postgresql +<br>- postgresql-contrib +<br>- postgresql-devl +<br>- postgresql-docs +<br>- postgresql-libs +<br>- postgresql-perl +<br>- postgresql-server +<br>- postgresql-test + +<p><li>Setup directories and paths for PostgreSQL: + +<p>> sux - (change to root) + +<p>- If not done by the installation, setup disk directory for your db: +<br># mkdir /var/lib/pgsql/data +<br># chown postgres /var/lib/pgsql/data + +<p><li>Initialize the database, and start it, as below: +<p>Note that there are man pages for initdb and pg_ctl. + +<p># touch /var/log/pgsql +<br># chown postgres:postgres /var/log/pgsql +<br># sux postgres + +<p>- Initialize postgres: +<br>> /usr/bin/initdb -D /var/lib/pgsql/data +<br>(creating ... Success...) + +<p>- Start the postgres daemon: +<br>> /usr/bin/pg_ctl -D /var/lib/pgsql/data -l /var/log/pgsql start (start db) +<br>(postmaster successfully started) + +<p><li>Quick-test the server (still as user postgres): + +<p>- > psql -d template1 +<br>(Welcome ... \q to exit psql) +<br>\q + +<p>- Try setting up another db user: + +<p>> createuser <db-user> (<db-user> should match an existing Linux user) +<br>Shall the new user be allowed to create databases? (y/n) y +<br>Shall the new user be allowed to create more new users? (y/n) n + +<p>Unless a problem with DBD::Pg (perl interface), postgres is ready to go. + +<p><li>If a previous sql-ledger database needs to be installed, +<br>do the following as postgres user. Steps for dumping the old db, + and building the new follow: + +<p>> sux postgres +<br>> psql template1 +<br>=# CREATE DATABASE my_database; (create your database) +<br>=# \q +<br>> cd /var/lib/pgsql/backups (assuming your backups are here) +<br>The next command should have been performed earlier from the + previous installed version of postgres and your database: +<br>> pg_dump -d my_database.sql.bak (from previous ver postgres) +<br>> cp my_database.sql.bak my_database.sql +<br>- Use vi to change all occurrances of 'current_date' to current_date + in file my_database.sql . +<br>The vi command for this is :g/'current_date'/s//current_date/g +<br>> psql my_database < my_database.sql > my_database.log +<br>- Check my_database.log for errors. + +<p><li>Download setup.pl and run it as root while on line to the internet: + +<p># mkdir /usr/local/sql-ledger +<br># cd /usr/local/sql-ledger +<br># ./setup.pl +<br>- Enter i +<br>- Enter httpd owner and group if different than displayed default. +<br>(Download occurs and status is displayed...) + +<p><li>Setup the new sql-ledger with database. + +<p>- Surf to http://my_computer/sql-ledger/admin.pl +<br>- Click enter (no password needed). +<br>->Database Administration +<br>- Leave fields Host and Port enpty for local installations. +<br> - Enter your database name in the "Connect to" field. +<br> - Enter the database user you setup (postgres, sql-ledger, etc.) +<br> - Enter a password, only if a password is assigned to the database. +<br> - To update an existing sql-ledger database: ->Update Database +<br> Should see: The following Datasets need to be updated. +<br> ->Continue +<br> Do more admin. You will need to setup at least one login. +<br> To exit: ->Database Admin + +<p><li>See if it works: + +<p> - Surf to http://my_computer/sql-ledger/login.pl +<br> - Enter the login name you just created. Main menu screen should appear. +</ol> + + + +<p><li><h4>Redhat Installation</h4> + +<ul> +<li>Install apache1.3.12-25.i386.rpm +<li>Install perl5.6.0-9.i386.rpm +<li>Install postgresql-7.0.2-17.i386.rpm +<li>Install postgresql-server-7.0.2-17.i386.rpm +<li>Install postgresql-devel-7.0.2-17.i386.rpm (POSTGRES_INCLUDE) +<li>tar xvzf DBI-1.14.tar.gz +<li>cd DBI-1.14 +<li>perl Makefile.PL +<li>make +<li>make install +<li>cd .. +<li>tar xvzf DBD-Pg-0.95 +<li>cd DBD-Pg-0.95 +<li>export POSTGRES_LIB=/usr/lib/pgsql +<li>export POSTGRES_INCLUDE=/usr/include/pgsql +<li>perl Makefile.PL +<li>make +<li>make install +<li>install SQL-Ledger +</ul> + +<p>Some of the applications have newer versions however the installation +instructions remain the same. Just substitute the old version with a newer +version. + + +<p><li><h4>Debian Installation</h4> + +<ul> +<li>unpack into /usr/local/www/sql-ledger +<li>install postgresql (Dselect) +<li>install apache (Dselect) +<li>install libdbi-perl (Dselect) +<li>install libdbd-pg-perl (Dselect) +<li>install libpgperl (Dselect) +<li>modify /etc/postgresql/postgresql.conf + <br>TCPIP_SOCKET = 1 +<li>create a user for managing SQL-Ledger databases +<br>from root +<br>su postgres +<br>$ createuser -d sql-ledger +<br>if you use passwords to access postgres set the user up with a password +<br>$ createuser -d -P sql-ledger +<li>change /etc/apache/httpd.conf and add +<pre> +AddHandler cgi-script .pl +Alias /sql-ledger/ /usr/local/www/sql-ledger/ +<Directory /usr/local/www/sql-ledger> + Options +ExecCGI +</Directory> + +<Directory /usr/local/www/sql-ledger/users> + Order Deny,Allow + Deny from All +</Directory> +</pre> +<li>restart apache +<li>change fileownership of users and templates to www-data + <br>chown www-data: users templates +<li>From browser enter http://localhost/sql-ledger/admin.pl +<li>Login as the postgres user (account manager) you have created (above) +<br>Create a DB +<br>Create users + +<li>then enter http://localhost/sql-ledger/login.pl +<br>Login as one of the users you have just created + +</ul> + +<p> +The long version was provided by Gordon Haverland. +<p> +<ul> +<li>You need to unpack the SQL-Ledger package (compressed tar archive) + someplace. Unpacking it in<pre> + /usr/local/www/sql-ledger.</pre> + Remember where you have unpacked it. +<li>SQL-Ledger requires that the PostgreSQL database be installed. +This is a very full-featured database, and has many associated +packages. SQL-Ledger requires version 7.0 or better. The name +of the basic package on Debian is postgresql. To find if you +already have postgresql installed, and if so what version, the +following command should work:<pre> + dpkg -l | grep -i 'ii postgresql '</pre> + A typical response would be:<pre> + ii postgresql 7.1.3-5 Object....[stuff deleted]</pre> + Indicating, that version 7.1.3 is installed (the -5 is a + Debian patch level). You can use dselect or apt-get to install + postgresql if you need to. You can visit the Debian maintainer's + page for much more information on related packages at<pre> + http://people.debian.org/~elphick/postgresql/</pre> + Older versions of Debian's PostgreSQL installation use a file + called postmaster.init, while newer versions use a file called + postmaster.conf, either residing in /etc/postgresql. +<li>SQL-Ledger requires a HTTP server (or daemon) which is capable of + handling CGI scripts. Apache is the one which is recommended, + version 1.3 or better. Debian calls the base package apache. + Debian has two alternative versions of Apache, one with mod-perl + (apache-perl) support compiled in, and the other with SSL + (secure sockets layer - apache-ssl) support. SQL-Ledger doesn't + require mod-perl or SSL support, but works with either if + you need it installed for other functions you have. Older versions + of Debian Apache installations, spread the configuration of the + server across 3 files (srm.conf, access.conf and httpd.conf). + Newer versions have consolidated all of this to httpd.conf. +<li>SQL-Ledger uses the Data Base Interface perl module for communication + with PostgreSQL. The CPAN (Comprehensive Perl Archive Network) + name for this module is DBI. Debian calls this module + libdbi-perl. You should probably deselect (or apt-get) the + Debian version of this module to minimize upgrading headaches in + the future. +<li>DBI requires the use of an implementation specific Data Base + Driver. In our case, we need the PostgreSQL specific one. + CPAN calls this module DBD::PG, Debian calls it libdbd-pg-perl. + You should use dselect (or apt-get) to install it. +<li>One more layer of Perl - PostgreSQL support is needed. Debian + calls this last package libpgperl. Use dselect or apt-get to + install it. (You should be able to install all 5 packages at + one time.) +<li>We need to allow your PostgreSQL database to accept queries + in a network manner. To do this, we need to change the value + of the TCPIP_SOCKET to 1. In newer + PostgreSQL installs, this variable will be someplace in + /etc/postgresql/postgreslq.conf (older installs will be + postmaster.init, same directory. Note: you shouldn't have + both files there.) Start up your favorite text editor, find + the line with that variable on it, change the "no" to a "yes", + and make sure the line isn't commented out (a "#" in front + of it on the same line). +<li>PostgreSQL has a set of users and passwords independent of + normal user logins. We need to set up a PostgreSQL user + to "own" the SQL-Ledger data (choose a name that makes sense + to you, it shouldn't be "root" or "postgres"). The (PostgreSQL) + program for doing this is called "createuser". To make this + SQL-Ledger owner user, we first need to "become" the PostgreSQL + superuser (on Debian, this is "postgres"), and then we will + run the createuser program. So, once we are logged in as root: +<pre> + # su postgres + $ createuser -d sql-ledger + ... + $ exit + # +</pre> + As shown above, we then typed "exit" after createuser was done, + to stop being the "postgres" user. The "-d" switch (you called + also use "--createdb") specifies that this user can create + databases. +<li>We need to adjust the configuration of the HTTP server Apache + next. Older Apache installations (srm.conf, access.conf and + httpd.conf) need changes in srm.conf and httpd.conf. Newer + installations just need to edit /etc/apache/httpd.conf. First, + we need to instruct the server that files that end in ".pl" + are to be treated as "cgi-script"s (srm.conf if separate).<pre> + AddHandler cgi-script .pl</pre> + Second, we need to map our SQL-Ledger installation to be easy + for users to find it (in srm.conf if separate).<pre> + Alias /sql-ledger/ /usr/local/www/sql-ledger/</pre> + The "/" at the end of sql-ledger in both strings is important! + Next, we need to allow the server to execute files from those + directories, include things and follow links. This information + is in httpd.conf (old or new installations).<pre> + <Directory /usr/local/www/sql-ledger> + Options ExecCGI Includes FollowSymLinks + </Directory></pre> + If we decided to put SQL-Ledger somewhere other than + /usr/local/www/sql-ledger, we would use different paths above. +<li>All the files in the "users" and "templates" subdirectories + of /usr/local/www/sql-ledger need to be owned by "www-data".<pre> + # cd /usr/local/www/sql-ledger + # chown www-data:www-data users templates users/members</pre> + You may get an "error" about users/members not existing. It + is safe to ignore this error. +<li>Restart the apache server.<pre> + /etc/init.d/apache restart</pre> +<li>From a browser, visit the URL<pre> + http://localhost/sql-ledger/admin.pl</pre> +<li>Login as the PostgreSQL user responsible for the SQL-Ledger + database you set up. Create a database and create + at least one user. (It's not a good idea to access your + SQL-Ledger data as the "owner" of the data on a regular basis.) +<li>Visit<pre> + http://localhost/sql-ledger/login.pl</pre> + and login as the user you created</pre> + +</ul> + + +<p><li><h4>login.pl has compilation error</h4> + +This could be because of a missing configuration file in the users directory + +<p>check the permission for the users directory. The directory must be +set writeable for the webserver. If your webserver runs under nobody.nogroup +set it to +<pre> +drwxrwx--x 2 johndoe nogroup 1024 May 26 16:49 users + +or + +drwx--x--x 2 nobody nogroup 1024 May 26 16:49 users +</pre> + + +<p><li><h4>script not executing, shows in browser instead</h4> + +Add + +<pre> + AddHandler cgi-script .pl +</pre> + +in your httpd.conf file. + + +<p><li><h4>unknown terminal!</h4> +the frontend script couldn't figure out which browser you are using +<p>include the terminal variable on the URL +<pre> + http://localhost/sql-ledger/login.pl?terminal=lynx</pre> +<p>Valid terminal variables are lynx and mozilla + + +<p><li><h4>permission denied at filesystem level</h4> + +Check if your web server has write permission to write to the following +files and directories: +<pre> + users/ + templates/ + users/members + + # chown nobody:nogroup users templates users/members +</pre> + + +<p><li><h4>permission denied to access tables</h4> +The user you entered in the "Database section" must be a valid +database user who has the rights to access the tables. + +<p>If the tables are owned by 'john' and you enter 'mary' as the dba +you might run into this problem if mary doesn't have the rights to +access tables owned by john. + + +<p><li><h4>html and graphics files don't show up on screen</h4> + +Enable Includes and FollowSymlinks Options in your httpd.conf file +<pre> <Directory /usr/local/sql-ledger> + Options ExecCGI Includes FollowSymlinks + </Directory> +</pre> + + +<p><li><h4>Can I use mySQL</h4> + +No. mySQL lacks certain features required by SQL-Ledger. + + +<p><li><h4>switch display to a foreign language</h4> + +Load your preferences and select the language. +<br>Language selection is in accordance to +<a href=http://www.unece.org/cefact/locode/service/main.htm> +ISO 3166-1</a> standards. + + +<p><li><h4>Text shows in English when I use a foreign language</h4> + +This is because the corresponding hash entry is missing. +Add the missing text in the locale/cc/all or locale/cc/missing +file and run 'perl locales.pl' to rebuild the individual files. + +<br>cc refers to the country code. + + +<p><li><h4>switch to a foreign language for the login and admin screen</h4> + +Edit sql-ledger.conf and enter the code for the variable +$language. If your language specific files are in 'locales/cc', enter 'cc' + + +</ul> + +<p> +<hr> +<a name=security> +<h1>SQL-Ledger security</h1> +</a> + +<ul> +<li>The security features built into SQL-Ledger provide encrypted passwords +and access control which makes it fairly safe out of the box to run even in +front of a firewall. +Some precautions which are out of our control must be taken though. +It matters where you install SL and how you configure your web and SQL server. + +<pre> + Typical setups: + + /usr/local/vh/www <- DocumentRoot for virtual host + /usr/local/vh/sql-ledger <- Alias for sql-ledger + /usr/local/vh/users <- users directory out of reach + +<hr width=60% align=left> + /usr/local/vh/www <- DocumentRoot for virtual host + /usr/local/vh/www/sql-ledger <- Alias for sql-ledger + /usr/local/vh/www/sql-ledger/users <- users configuration files and tmp space + + <Directory /usr/local/vh/www/sql-ledger/users> <- disable webserver access + Order Deny,Allow for users directory + Deny from All + </Directory> + +</pre> + +The location for the users directory can be specified in sql-ledger.conf + +<p><li>Set permission for the users and templates directory to 711 +(most restrictive) + +<p><li>If you do not want anyone to change the templates with the built-in +editor set the files in templates/directory/ to read only or disable +the menu item to edit the templates. + +<p><li>For PostgreSQL you can set who has access to the server in the file +pg_hba.conf +<br>Authentication crypt does not work because not all SQL servers +accept encrypted passwords. + +<p><li>in addition you can secure the tables from unauthorized access by +setting up a different database user and GRANT rights. For instance, +users without DELETE rights will still be able to use the program, change +customers or vendors but will not be able to delete transactions. +To lock all the tables GRANT SELECT rights only. + +<p><li>Other security options include a secure shell, your webserver's +authentication system, SSL, encrypted tunnels, ... + +</ul> + +</BODY> +</HTML> + |