[Bug 220931] Review Request: ZoneMinder - Linux CCTV package
bugzilla at redhat.com
bugzilla at redhat.com
Sat Jun 23 21:47:16 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: ZoneMinder - Linux CCTV package
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220931
------- Additional Comments From fedora at ebourne.me.uk 2007-06-23 17:47 EST -------
Jason, thanks for taking this on.
Regarding the symlinks under the webroot I should have been more specific. Those
are used directly as URLs, and not just as a data source for the php, and hence
really do need to be web accessible. eg. If you go to an event and view it as
stills, those images are coming directly from the directory, eg:
https://xxx.xxx.xxx/app/zm/events/4/298040/008-capture.jpg
I agree about the access control. I didn't even realise zm had its own access
control, I must have switched that off as soon as I installed it (I'm paranoid
and only trust apache access control). The lack of password for viewing images
appears to be a design bug in zm, don't see how it can expect to control those
and still reference them by direct url.
My preferred solution to this would be to make the zoneminder apache config
default to barring all access and add a README.Fedora file explaining what to do
to enable it and warning about the issues. Then I'll take it over to the zm
forums and see if Phil is interested in addressing that properly in a future
version.
Does this sound like an acceptable solution?
Regarding your other points I've made those changes and they will be in the next
revision when it is complete.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list