acmeattic-devel team mailing list archive

[Karthik Swaminathan Nagaraj <nkarthiks@xxxxxxxxx>]

So I agree that (2) is coupled with a webserver. I imagined the backup
server to be running on a remote machine. I suggested that the webserver
could be run as a portable application. By making it portable, the user can
carry it around in a flash drive and use it to browse his files on the
backup server (without installing the client at say a public computer). The
advantages compared to using a webserver provided by the backup server is
the local handling of keys.
Surely this could be a future feature, maybe after our beta release.

Karthik

On Tue, Jul 6, 2010 at 10:50 PM, Aditya Manthramurthy
<aditya.mmy@xxxxxxxxx>wrote:

> On Tuesday 06 July 2010 07:23 AM, Karthik Swaminathan Nagaraj wrote:
>
>> I think that these assumptions and policies are okay for the design. If we
>> are able to think of a better model, we could incorporate it in the future.
>> I was thinking that if the web server itself is crafted as a separate
>> application from the server, it could be run by the user at a more trusted
>> local location.
>> Eg: I can run my own web server on my machine for accessing my files. I
>> still do not need to provide space but I still maintain all my security
>> guarantees if only "my" server handles my key.
>> If its small and portable, maybe we could even ship it with a small web
>> server - like the python web server!
>> The web application is there to anyway provide simple access to the files.
>>
>> And the storage server would also be running a copy of the webserver for
>> those who want to use that functionality after understanding the risks.
>>
>>
> It seems that there is a misunderstanding here. There are two components to
> the server software.
>
> 1) One is the part that interacts with AA clients and updates data on the
> server. This part is not to be trusted with keys at any point.
> 2) A user interface for "users" (not client s/w), that is a simple
> interface that can be used by users to manipulate/manage their attic. Here
> users are required to trust the server after understanding the risks.
>
> Conceivably, (1) can be decoupled from a web server. No point in decoupling
> (2), for the use case you gave, because everything is on one machine.
> However, I think the feature of allowing the same machine to run the server
> s/w and the client s/w, w/o a webserver, does not seem to have a good use
> case. After all it is a backup tool. Running with a webserver on the same
> machine, could conceivably be used to test the software before a production
> deployment.
>
> So, I think we can consider decoupling server work from the webserver as a
> wishlist feature, at most.
>
> --
> Aditya.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~acmeattic-devel<https://launchpad.net/%7Eacmeattic-devel>
> Post to     : acmeattic-devel@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~acmeattic-devel<https://launchpad.net/%7Eacmeattic-devel>
> More help   : https://help.launchpad.net/ListHelp
>



-- 
Karthik